systemd (247.3-7+deb11u4progress6u1) fuchur; urgency=medium * Initial reupload to fuchur. * Updating maintainer field. * Updating uploaders field. * Updating bugs field. * Updating vcs fields. * Updating ntp servers for Progress Linux. * Updating support url for Progress Linux. * Starting agetty with --nohostname option. * Mounting /proc with hidepid=2 option. * Disabling ctrl-alt-del.target. * Enabling 10 automatic virtual terminals in logind. * Reserving virtual terminal on position 2 in logind. * Mounting /etc/hostname as /run/host/hostname in systemd-nspawn container. -- Daniel Baumann Sat, 27 Apr 2024 15:02:29 +0200 systemd (247.3-7+deb11u4) bullseye; urgency=medium * backport patches to fix a calendar spec calculation hang on DST change if TZ=Europe/Dublin (Closes: #1033540) -- Luca Boccassi Sun, 18 Jun 2023 15:55:54 +0100 systemd (247.3-7+deb11u3) bullseye; urgency=medium * udev: fix creating /dev/serial/by-id/ symlinks for USB devices. (Closes: #1035094) * Fix memory leak on daemon-reload -- Luca Boccassi Sun, 30 Apr 2023 13:56:31 +0100 systemd (247.3-7+deb11u2) bullseye; urgency=medium [ Michael Biebl ] * ata_id: fix getting Response Code from SCSI Sense Data. (Closes: #1021579) * logind: fix getting property OnExternalPower via D-Bus (Closes: #1021644) [ Luca Boccassi ] * Backport patch to fix CVE-2022-4415 (Closes: #1026831) * Backport patch to fix CVE-2022-3821 * Backport patch to fix crash in systemd-machined (Closes: #1023567) -- Luca Boccassi Thu, 22 Dec 2022 12:55:42 +0100 systemd (247.3-7+deb11u1) bullseye; urgency=medium * Drop bundled copy of linux/if_arp.h. Fixes build failures with newer kernel headers. * virt: support detection for ARM64 Hyper-V guests (Closes: #1013342) * virt: detect OpenStack instance as KVM on arm (Closes: #1016157) -- Michael Biebl Sun, 07 Aug 2022 15:25:09 +0200 systemd (247.3-7) bullseye; urgency=medium * Switch debian-branch to debian/bullseye * udevadm-trigger: do not return immediately on EACCES. Fixes a regression when using systemd-networkd in an unprivileged LXD container. (Closes: #997006) * Revert multipath symlink race fix. Revert upstream commits which caused a regression in udev resulting in long delays when processing partitions with the same label. (Closes: #993738) * shared/rm-rf: loop over nested directories instead of recursing. Fixes uncontrolled recursion in systemd-tmpfiles. (CVE-2021-3997, Closes: #1003467) * Demote systemd-timesyncd from Depends to Recommends. This avoids a dependency cycle between systemd and systemd-timesyncd and thus makes dist upgrades more predictable and robust. It also allows minimal, systemd based containers where no NTP client is strictly necessary. To ensure that systemd-timesyncd is installed in a default installation created by d-i, bump its priority to standard. (Closes: #986651, #993947) * autopktest: Fix timedated test dependencies. Add an explicit systemd-timesyncd dependency as it is required by the timedated test. * machine: enter target PID namespace when adding a live mount. Fixes failure to bind mount a directory into a container using machinectl. (Closes: #993248) -- Michael Biebl Sun, 20 Mar 2022 20:55:25 +0100 systemd (247.3-6) unstable; urgency=high * Non-maintainer upload (acked by maintainers) * unit-name: generate a clear error code when converting an overly long fs path to a unit name * basic/unit-name: do not use strdupa() on a path (CVE-2021-33910) * basic/unit-name: adjust comments -- Salvatore Bonaccorso Tue, 13 Jul 2021 19:29:24 +0200 systemd (247.3-5) unstable; urgency=medium * udev-udeb: setup /dev/fd, /dev/std{in,out,err} symlinks. As systemd-udevd no longer sets them up itself, we create them manually after mounting devtmpfs. This avoids breaking applications which expect those symlinks. (Closes: #975018) -- Michael Biebl Mon, 12 Apr 2021 20:21:24 +0200 systemd (247.3-4) unstable; urgency=medium [ Luca Boccassi ] * Backport patch to fix assert with invalid LoadCredentials= Regression introduced in v247, fixed in v249, see: https://github.com/systemd/systemd/issues/19178 (Closes: #986302) [ Michael Biebl ] * network: Delay addition of IPv6 Proxy NDP addresses. Fixes "IPv6 Proxy NDP addresses are being lost from interfaces after networkd adds them". (Closes: #985510) -- Michael Biebl Sun, 11 Apr 2021 16:06:46 +0200 systemd (247.3-3) unstable; urgency=medium * pkg-config: make prefix overridable again (Closes: #984763) * Revert "units: turn off DNSSEC validation when timesyncd resolves hostnames" Support for SYSTEMD_NSS_RESOLVE_VALIDATE=0 requires the changes from https://github.com/systemd/systemd/pull/17823 for the dnssec bypass logic. Those are rather invasive changes and not suitable for a stable backport. -- Michael Biebl Thu, 11 Mar 2021 18:09:35 +0100 systemd (247.3-2) unstable; urgency=medium * Downgrade a couple of warnings to debug. If a package still ships only a SysV init script or if a service file or tmpfile uses /var/run, downgrade those messages to debug. We can use lintian to detect those issues. For service files and tmpfiles in /etc, keep the warning, as those files are typically added locally and aren't checked by lintian. (Closes: #981407) * core: fix mtime calculation of dropin files (Closes: #975289) * analyze: slightly reword PrivateTmp= message (Closes: #931753) * rules: move ID_SMARTCARD_READER definition to a <70 configuration (Closes: #978011) * units: turn off DNSSEC validation when timesyncd resolves hostnames (Closes: #898530) * table: drop trailing white spaces of the last cell in row (Closes: #980820) -- Michael Biebl Sat, 06 Mar 2021 22:32:14 +0100 systemd (247.3-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 247.3 * Rebase patches [ Ioanna Alifieraki ] * systemctl: return error code when scheduled shutdown fails -- Michael Biebl Wed, 03 Feb 2021 17:11:39 +0100 systemd (247.2-5) unstable; urgency=medium [ Matthias Klumpp ] * Configure localed to run locale-gen to generate missing locale. This applies an (upstreamed) patch to permit systemd-localed to run locale-gen to generate missing locale when requested to switch the system locale. This makes localectl usable on Debian for changing locale without breaking system localization or even prevent certain applications from running at all after switching to a non-generated locale. [ Michael Biebl ] * systemctl: do not shutdown immediately on scheduled shutdown. When, for whatever reason, a scheduled shutdown fails to be set, systemd will proceed with immediate shutdown without allowing the user to react. This is counterintuitive because when a scheduled shutdown is issued, it means the user wants to shutdown at a specified time in the future, not immediately. (Closes: #931235) * test: disable DnsmasqClientTest.test_resolved_etc_hosts in networkd-test.py. This test appears to be flaky. See: #979716 * Bump Standards-Version to 4.5.1 * Set upstream metadata fields: Bug-Submit, Bug-Database, Repository, Repository-Browse -- Michael Biebl Mon, 18 Jan 2021 13:45:15 +0100 systemd (247.2-4) unstable; urgency=medium * Move libraries and NSS modules from /lib to /usr/lib. Keep libpam_systemd.so installed in /lib, as PAM doesn't support loading PAM modules from /usr/lib on a split-usr system. -- Michael Biebl Sat, 02 Jan 2021 17:06:01 +0100 systemd (247.2-3) unstable; urgency=medium * test: use modern qemu numa arguments This fixes TEST-36-NUMAPOLICY from the upstream autopkgtest when using qemu >= 5.2. * Increase timeout when running unit tests. The default timeout for individual unit tests is 30s. On slower architectures and environments like reproducible-builds, this sometimes is not enough. Instead of fine-tuning the timeout for each individual test, we instead increase the timeouts by a factor of 10. * init-functions, getty-static.service: Don't hard-code path to systemctl binary. This should simplify an eventual move of systemctl from /bin to /usr/bin. * getty-static.service: Skip if dbus-broker is installed. Check for the binary in /usr/bin as this makes it easier to move the service files from /lib/systemd to /usr/lib/systemd. -- Michael Biebl Sat, 26 Dec 2020 13:33:41 +0100 systemd (247.2-2) unstable; urgency=medium * Switch to "unified" cgroup hierarchy (i.e. cgroupv2) (Closes: #943981) -- Michael Biebl Mon, 21 Dec 2020 20:06:49 +0100 systemd (247.2-1) unstable; urgency=medium [ Balint Reczey ] * debian/systemd.NEWS: Mention udev rules changes in 247 [ Michael Biebl ] * New upstream version 247.2 * Rebase patches * test: fix fd_is_mount_point() check -- Michael Biebl Sun, 20 Dec 2020 20:44:31 +0100 systemd (247.1-4) unstable; urgency=medium [ наб ] * debian/extra/kernel-install.d/85-initrd.install: Don't install initrd when an explicit path was passed (Closes: #970213) * debian/extra/kernel-install.d/85-initrd.install: Match initrd installation messages and uninstallation to 90-loaderentry.install [ Michael Biebl ] * sd-device: keep escaped strings in DEVLINK= property (Closes: #976699) -- Michael Biebl Fri, 11 Dec 2020 20:25:31 +0100 systemd (247.1-3) unstable; urgency=medium * d/t/timedated: Ignore return code of dbus-monitor in wait_mon() We are not really interested in the return code and error messages from dbus-monitor after killing it, so ignore them to avoid undesired autopkgtest failures. -- Michael Biebl Thu, 03 Dec 2020 23:53:29 +0100 systemd (247.1-2) unstable; urgency=medium [ Michael Biebl ] * Upload to unstable * Revert "d/t/timedated: use /bin/bash to work around job handling issue in dash" [ Balint Reczey ] * debian/tests/timedated: Wait for the killed child only. There may be other children of the script due to autopkgtest machinery and they exit after the script exited. (LP: #1904406) -- Michael Biebl Wed, 02 Dec 2020 23:25:32 +0100 systemd (247.1-1) experimental; urgency=medium * New upstream version 247.1 -- Michael Biebl Tue, 01 Dec 2020 17:17:28 +0100 systemd (247-1) experimental; urgency=medium * New upstream version 247 * Rebase patches * Update symbol versions for the v247 release -- Michael Biebl Thu, 26 Nov 2020 19:46:41 +0100 systemd (247~rc2-3) experimental; urgency=medium * Merge changes from unstable * sd-device: make sd_device_has_current_tag() compatible with udev database generated by older udevd (Closes: #974730) * Add Breaks: udev (<< 247~) to systemd. This ensures that udev is upgraded alongside systemd and both support the new udev tags concept introduced in v247. (Closes: #975554) -- Michael Biebl Thu, 26 Nov 2020 18:18:53 +0100 systemd (247~rc2-2) experimental; urgency=medium * missing: define several syscall numbers for MIPS arch (Closes: #974619) -- Michael Biebl Fri, 13 Nov 2020 19:22:04 +0100 systemd (247~rc2-1) experimental; urgency=medium [ Michael Biebl ] * New upstream version 247~rc2 - tmpfiles: Handle filesystems without ACL support in more cases (Closes: #972135) * Rebase patches * Explicitly disable oomd * Use -Dmode=release as we want a release, not developer, build * Update symbols file for libudev1 and libsystemd0 [ Luca Boccassi ] * systemd-container: install systemd-dissect binary. Required for TEST-50-DISSECT since: https://github.com/systemd/systemd/pull/16046 * d/t/control: install squashfs-tools for upstream test. Required by TEST-50-DISSECT since upstream PR: https://github.com/systemd/systemd/pull/16046 [ Dan Streetman ] * d/control: update meson minimum version https://github.com/systemd/systemd/pull/13842#issuecomment-601105975 * d/t/upstream: convert 'blacklist' term to 'deny-list' Support transition for upstream-ci from https://github.com/systemd/systemd/pull/16262 -- Michael Biebl Thu, 12 Nov 2020 21:23:22 +0100 systemd (246.6-5) unstable; urgency=medium * Drop non-functional DefaultTasksMax patch. This patch was supposed to remove the DefaultTasksMax limit, but lost its actual logic over 4 years ago, when the patches were rebased for the v231 release. Since nobody has complained so far, we can assume it is safe to drop this patch. (Closes: #975335) * test-seccomp: accept ENOSYS from sysctl(2) too. It seems that kernel 5.9 started returning that. * test/test-functions: copy /usr/lib/pam.d into $initdir. The systemd-user file has been moved from /etc/pam.d into /usr/lib/pam.d, so test-functions needs to copy it from /usr/lib/pam.d instead. -- Michael Biebl Tue, 24 Nov 2020 21:53:25 +0100 systemd (246.6-4) unstable; urgency=medium * Revert "Trigger a systemctl daemon-reload when init scripts are installed or removed" Remove the dpkg file trigger which called systemctl daemon-reload whenever a SysV init script was installed. We have proper support in debhelper nowadays which makes this superfluous and we want to avoid unnecessary systemctl daemon-reload calls. -- Michael Biebl Thu, 19 Nov 2020 22:35:48 +0100 systemd (246.6-3) unstable; urgency=medium * pam: include pam_keyinit session module in systemd-user. We want that systemd --user gets its own keyring, not the basic keyring set up by systemd --system. * pam: move systemd-user PAM config from /etc/pam.d to /usr/lib/pam.d. This is supported since PAM 1.2 and we want as little files in /etc as possible. * init-functions: update LSB hook to not use ignore-dependencies job-mode=ignore-dependencies, as currently used in the LSB hook during bootup and shutdown, can have undesired side-effects, like changing the ordering of services and ultimately causing them to fail, due to unmet dependencies. So simplify that, and only apply --no-block on reload requests during bootup and shutdown. (Closes: #960594) * d/t/timedated: use /bin/bash to work around job handling issue in dash. See: #975010 -- Michael Biebl Tue, 17 Nov 2020 23:34:07 +0100 systemd (246.6-2) unstable; urgency=medium * XDG autostart improvements - Add support for Path= in XDG Desktop File - Ignore more common XDG Desktop Entry fields - Lower most info messages to debug level (Closes: #968116) * Re-enable seccomp support on riscv64. This should be safe now, as the code has fallbacks for systems with older libseccomp versions. * Move sysusers.d/sysctl.d/binfmt.d/modules-load.d back to /usr. In Debian, late mounting of /usr is no longer supported, so it is safe to install those files in /usr. We want those facilities in /usr, not /, as this will make an eventual switch to a merged-usr setup easier. (Closes: #971282) * units: update serial-getty@.service to support 57600 baud rate (Closes: #969144) * bootspec: don't fail with EIO if searching for ESP and finding one without an enveloping partition table (Closes: #970534) -- Michael Biebl Thu, 15 Oct 2020 23:48:34 +0200 systemd (246.6-1) unstable; urgency=medium * New upstream version 246.6 * Rebase patches -- Michael Biebl Mon, 21 Sep 2020 20:28:36 +0200 systemd (246.5-1) unstable; urgency=medium * New upstream version 246.5 - network: fix NDisc handling for the case when multiple routers exist (Closes: #969599) - core/socket: we may get ENOTCONN from socket_instantiate_service() (Closes: #970156) * Rebase patches -- Michael Biebl Mon, 14 Sep 2020 08:04:39 +0200 systemd (246.4-1) unstable; urgency=medium * New upstream version 246.4 * Rebase patches -- Michael Biebl Wed, 02 Sep 2020 13:30:52 +0200 systemd (246.3-1) unstable; urgency=medium * New upstream version 246.3 * Rebase patches -- Michael Biebl Sat, 29 Aug 2020 18:39:32 +0200 systemd (246.2-2) unstable; urgency=medium [ Balint Reczey ] * debian/systemd.postinst: Restart systemd-networkd.socket on incompatible change. PassCredentials=yes is replaced with PassPacketInfo=yes and extra padding is dropped, too. (Closes: #968589, LP: #1891716) [ Michael Biebl ] * Fix restart of systemd-networkd.socket. We can't restart the socket while systemd-networkd.service is still active. Instead we stop the socket and ensure, that a try-restart of systemd-networkd.service also starts the socket. * seccomp: Add support for riscv64 (Closes: #954312) * Support missing conditions/asserts everywhere (Closes: #968612) * path: Skip directories when finalising $PATH search (Closes: #969006) -- Michael Biebl Sat, 29 Aug 2020 16:24:49 +0200 systemd (246.2-1) unstable; urgency=medium * New upstream version 246.2 * Remove resolvconf.conf drop-in, resolved integration moved to resolvconf package * Rebase patches * Add versioned Breaks against resolvconf (<< 1.83~) to systemd. The PathExists= directive was changed in v246 to match the documented behaviour but now causes resolvconf-pull-resolved.service to be continuously triggered by resolvconf-pull-resolved.path. This requires a fix in the resolvconf package, see #968015. (Closes: #967906) * Keep journal files compatible with older versions. Disable the KEYED-HASH journal feature by default and keep LZ4 (instead of ZSTD) as default compression for new journal files. Otherwise journal files are incompatible and can't be read by older journalctl implementations. This patch can be dropped in bullseye+1, as journalctl from bullseye will then be able to read journal files with those features. (Closes: #968055) -- Michael Biebl Mon, 17 Aug 2020 22:28:09 +0200 systemd (246.1-1) unstable; urgency=medium * New upstream version 246.1 * Rebase patches -- Michael Biebl Sun, 16 Aug 2020 13:14:46 +0200 systemd (246-2) unstable; urgency=medium * Upload to unstable -- Michael Biebl Mon, 03 Aug 2020 09:46:27 +0200 systemd (246-1) experimental; urgency=medium * New upstream version 246 * Rebase patches * Update symbols file for libsystemd0 * Bump libapparmor-dev Build-Depends to (>= 2.13) * Disable libfido2 support. This is only used by homed which we don't enable. -- Michael Biebl Thu, 30 Jul 2020 22:22:24 +0200 systemd (245.7-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 245.7 - resolve: enable RES_TRUSTAD towards the 127.0.0.53 stub resolver (Closes: #965371) - basic/cap-list: parse/print numerical capabilities (Closes: #964926) * Rebase patches [ Dan Streetman ] * Add libzstd-dev and zstd as build and test deps. https://github.com/systemd/systemd/pull/15422 -- Michael Biebl Mon, 27 Jul 2020 23:24:47 +0200 systemd (245.6-3) unstable; urgency=medium [ Dan Streetman ] * d/t/upstream: capture new merged 'system.journal' from tests. https://github.com/systemd/systemd/pull/15281 * d/t/upstream: use --directory or --file param for journalctl. Properly tell journalctl if the journal to parse is a dir or file. * d/t/storage: check for ext2 or ext4 fs when using crypttab 'tmp' option. https://github.com/systemd/systemd/pull/15853 [ Martin Pitt ] * debian/tests/localed-locale: Fix for environments without en_US.UTF-8. Unconditionally back up/restore locale configuration files and generate en_US.UTF-8. Previously the test failed in environments which have some locale other than en_US.UTF-8 in /etc/default/locale. Also fix the assertion of /etc/locale.conf not being present after localectl. This only applies to Debian/Ubuntu tests, not upstream ones. [ Dimitri John Ledkov ] * Enable EFI/bootctl on armhf. -- Michael Biebl Tue, 14 Jul 2020 18:16:57 +0200 systemd (245.6-2) unstable; urgency=medium [ Dan Streetman ] * 40-vm-hotadd.rules: check offline before onlining memory/cpus. The kernel will return EINVAL if the memory or cpu is already online, which is harmless, but adds a confusing error to the log. Avoid the error message by only onlining if the memory or cpu is currently offline. (LP: #1876018) [ Michael Biebl ] * d/t/boot-and-services: use canonical name for NetworkManager service * Fix build with libmicrohttpd 0.9.71. The return type of callbacks was changed from int to an enum. [ Youfu Zhang ] * fsckd: avoid useless CR displayed on console (LP: #1692353) [ Balint Reczey ] * dhclient-exit-hooks.d/timesyncd: Act only when systemd-timesyncd is available. Otherwise the hook script might trigger an error if the systemd-timesyncd package is uninstalled but not purged. (LP: #1873031) -- Michael Biebl Sun, 05 Jul 2020 11:44:39 +0200 systemd (245.6-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 245.6 * Rebase patches [ Balint Reczey ] * debian/tests/boot-and-services: Handle missing fstab (LP: #1877078) -- Michael Biebl Mon, 08 Jun 2020 00:56:37 +0200 systemd (245.5-3) unstable; urgency=medium [ Michael Biebl ] * Bump priority of libnss-systemd to standard * logind: avoid shadow lookups when doing userdb client side * Disable DNSSEC support by default in resolved. The upstream default, DNSSEC=allow-downgrade can lead to compatibility issues with certain network access points. Previously, DNSSEC support was only turned off when built for a stable Debian release, but it is safer and more consistent to just generally change the default to DNSSEC=no. (Closes: #959996) * Bump debhelper compatibility level to 13. Use the debhelper-compat package to declare the compatibility level and drop debian/compat. * Convert to dh_installsystemd and disable dh_installsystemduser * Drop custom initramfs update code. Now handled by dh_installinitramfs which is enabled by default in compat level 12 and above. [ Dan Streetman ] * Cherry-pick fix from upstream master to adjust UseGateway= default - network: change UseGateway= default to UseRoutes= setting - network: honor SetDNSRoutes= even if UseGateway=False (LP: #1867375) [ Topi Miettinen ] * Delete empty lines at end of file. Upstream commit hooks don't allow empty lines and of course they serve no purpose. -- Michael Biebl Sun, 17 May 2020 19:28:49 +0200 systemd (245.5-2) unstable; urgency=medium * Cherry-pick various fixes from upstream master - network: add a flag to ignore gateway provided by DHCP server - userdb: when doing client-side NSS look-ups optionally avoid shadow look-ups - nss-systemd: don't synthesize root/nobody when iterating - core: make sure we don't get confused when setting TERM for a tty fd - core: make sure to restore the control command id, too * Install 60-block.rules in udev-udeb and initramfs-tools. The block device rules were split out from 60-persistent-storage.rules into its own rules file in v220. Those rules ensure that change events are emitted and the udev db is updated after metadata changes. Thanks to Pascal Hambourg (Closes: #958397) -- Michael Biebl Mon, 27 Apr 2020 17:38:44 +0200 systemd (245.5-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 245.5 * Rebase patches [ Dan Streetman ] * Follow symlinks when finding link files to copy into initramfs. If the /{etc,lib}/systemd/network directory itself is a symlink, the find command will not actually find any of the files in the dir it links to. Use the find -L param to follow symlinks. (LP: #1868892) * Remove Ubuntu-specific ondemand.service. New processors handle scaling/throttling in internal firmware (e.g. intel_pstate), and do not require OS config. Additionally, nobody else does this, not even Debian. -- Michael Biebl Sat, 18 Apr 2020 20:41:18 +0200 systemd (245.4-4) unstable; urgency=medium * Drop Conflicts: virtualbox-guest-utils from systemd-timesyncd. Otherwise this could lead to virtualbox-guest-utils being uninstalled on upgrades which is not intended. (Closes: #956436) * pid1: automatically generate systemd-remount-fs.service deps, plus enable systemd-pstore from sysinit.target * Fix systemd-pstore.service enablement symlink on upgrades. It is now started via sysinit.target. Also clean up the symlink on purge. -- Michael Biebl Mon, 13 Apr 2020 11:34:31 +0200 systemd (245.4-3) unstable; urgency=medium [ Dan Streetman ] * d/rules: in dh_auto_test, include meson param --print-errorlogs. Also, don't cat testlog.txt; it's noisy and not very helpful. Upstream request: https://github.com/systemd/systemd/pull/14338#issuecomment-603432989 [ Michael Biebl ] * pid1: by default make user units inherit their umask from the user manager (Closes: #945000) * user-util: rework how we validate user names. This reworks the user validation infrastructure. There are now two modes. In regular mode we are strict and test against a strict set of valid chars. And in "relaxed" mode we just filter out some really obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but "relaxed" is blacklisting what is really not OK. The idea is that we use strict mode whenever we allocate a new user, while "relaxed" mode is used when we process users registered elsewhere. (Closes: #955541) -- Michael Biebl Fri, 10 Apr 2020 11:55:15 +0200 systemd (245.4-2) unstable; urgency=medium [ Balint Reczey ] * Ship systemd-timesyncd in a separate package. The new systemd-timesyncd package conflicting with other NTP-related packages resolves the problems arising when running systemd-timesyncd and other NTP servers on the same system. (LP: #1849156, Closes: #805927, #947936) -- Michael Biebl Sat, 04 Apr 2020 08:59:50 +0200 systemd (245.4-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 245.4 - Allow names starting with a digit (Closes: #954174) - Recognize davfs as network file system (Closes: #954755) * Enable systemd-pstore.service by default on new installs and upgrades (Closes: #952767) * Revert "Enable seccomp support on riscv64" This requires further changes to the source code and a newer, not yet officially released, libseccomp. Since this complicates backports revert this change for the time being. [ Dan Streetman ] * d/t/logind: use grep -s when checking /sys/power/state. Some kernels in Ubuntu (e.g. linux-kvm) do not enable CONFIG_PM, which results in stderr output when the logind test tries to grep the power state file, causing the test to fail. The test already handles skipping the test if suspend isn't supported, so just use -s to suppress grep from printing to stderr if the file doesn't exist. -- Michael Biebl Thu, 02 Apr 2020 11:58:18 +0200 systemd (245.2-1) unstable; urgency=medium * New upstream version 245.2 * Rebase patches * Enable seccomp support on riscv64 (Closes: #954077) * Drop migration code for the switch from DynamicUser=yes to no. This code is no longer needed as it only affected systems between 239-1 and 239-5, i.e. it never affected a stable release. -- Michael Biebl Wed, 18 Mar 2020 23:32:08 +0100 systemd (245-2) unstable; urgency=medium * Revert "job: Don't mark as redundant if deps are relevant" This change negatively affects plymouth which was no longer properly stopped after the system has completed booting. The running plymouth daemon can trigger a VT switch (to tty1). (Closes: #953670) -- Michael Biebl Thu, 12 Mar 2020 13:55:26 +0100 systemd (245-1) unstable; urgency=medium [ Balint Reczey ] * New upstream version 245 * Refresh patches * Update symbols [ Michael Biebl ] * Disable repart, userdb, homed, fdisk, pwquality, p11kit feature. Those are new features which drag in new dependencies and need further review first. * analyze: Fix table time output * execute: Fix migration from DynamicUser=yes to no * Drop manual clean up of /var/lib/private/systemd/timesync. This is now done properly by systemd itself when a service switches from DynamicUser=yes to no. -- Michael Biebl Wed, 11 Mar 2020 13:33:37 +0100 systemd (244.3-1) unstable; urgency=medium * New upstream version 244.3 - Revert "Support Plugable UD-PRO8 dock" Unfortunately the same usb hub is used in other places, and causes numerous regressions. (Closes: #951330) -- Michael Biebl Sat, 15 Feb 2020 15:44:45 +0100 systemd (244.2-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 244.2 - polkit: when authorizing via PolicyKit re-resolve callback/userdata instead of caching it (CVE-2020-1712, Closes: #950732) * Rebase patches * Bump Standards-Version to 4.5.0 [ Balint Reczey ] * Remove empty /var/log/journal/ on purge -- Michael Biebl Fri, 07 Feb 2020 19:24:20 +0100 systemd (244.1-3) unstable; urgency=medium * Update documentation regarding network interface naming. Document that 73-usb-net-by-mac.link needs to be masked together with 99-default.link if one wants to disable the systemd naming scheme and keep the kernel-provided names. (Closes: #946196) * Update debian/rules clean target to remove all Python bytecode * Update systemd package description. Recommend init=/lib/systemd/systemd instead of init=/bin/systemd. The latter is just a compat symlink which might go away eventually. * shared/dropin: fix assert for invalid drop-in. Fixes an assertion when running systemctl cat on inexistent unit templates. (Closes: #950489) * core: call dynamic_user_acquire() only when 'group' is non-null. Fixes an assertion in systemd which could happen if a unit is reloaded and the unit is in bad-setting state. (Closes: #950409) * Don't fail upgrade if /proc is not mounted. Applying ACLs on /var/log/journal via systemd-tmpfiles requires a mounted /proc. Skip this step if /proc is not available, e.g. in a chroot. (Closes: #950533) -- Michael Biebl Tue, 04 Feb 2020 00:11:55 +0100 systemd (244.1-2) unstable; urgency=medium * Report status of libpam-systemd and libnss-systemd in systemd reportbug template. Since the libpam-systemd Recommends was moved from systemd to systemd-sysv we no longer get this information automatically, so request it explicitly. * Drop btrfs-progs Recommends from systemd-container. Upstream has dropped the logic of setting up /var/lib/machines as btrfs loopback mount so this Recommends is no longer necessary. * Fix processing of dpkg triggers in systemd. We need to use $@ instead of "$@" so we can iterate through the individual trigger names which are passed as a space separated list in the second argument. * Fix cleanup of timesyncd state directory * Enable persistent journal. Create /var/log/journal on upgrades and new installs. This enables persistent journal in auto mode. (Closes: #717388) -- Michael Biebl Sat, 01 Feb 2020 02:59:12 +0100 systemd (244.1-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 244.1 - network: fix segfault in parsing SendOption= (Closes: #946475) * core: don't allow perpetual units to be masked (Closes: #948710) [ Balint Reczey ] * debian/watch: Switch to watch tags at github.com/systemd/systemd-stable. Upstream point releases appear there. [ Helmut Grohne ] * Add basic support for the noinsttest build profile * Annotate dbus build dependency with The dbus library is needed for building tests. As such it must be present unless we disable both build time and installed tests. Previously, building with the nocheck profile worked, but it didn't reproduce a regular build. -- Michael Biebl Sat, 25 Jan 2020 18:53:23 +0100 systemd (244-3) unstable; urgency=medium * Update udev-udeb to use 73-usb-net-by-mac.link -- Michael Biebl Mon, 02 Dec 2019 23:44:52 +0100 systemd (244-2) unstable; urgency=medium * Add lintian override for udev. 60-autosuspend-chromiumos.rules triggers a udev-rule-missing-subsystem warning. This is a false positive, as SUBSYSTEM is tested at the beginning of the rules file. * Add lintian override for systemd-container systemd-nspawn@.service triggers a systemd-service-file-refers-to-unusual-wantedby-target warning but nspawn containers are supposed to be started via machines.target. * Make it easier to override MAC based name policy for USB network adapters. Replace 73-usb-net-by-mac.rules with 73-usb-net-by-mac.link. The .link file provides the same functionality but makes it easier to set a custom name for USB network adapters via the systemd.link mechanism. Thanks to Benjamin Poirier (Closes: #941636) * Move libpam-systemd Recommends from systemd to systemd-sysv. libpam-systemd is only really useful if systemd is PID 1 and the systemd package should be installable without affecting another installed init system. (Closes: #926316) * Upload to unstable -- Michael Biebl Mon, 02 Dec 2019 17:57:55 +0100 systemd (244-1) experimental; urgency=medium * New upstream version 244 - udev: do not propagate error when executing PROGRAM and IMPORT{program} (Closes: #944675) - sd-event: don't invalidate source type on disconnect (Closes: #945332) * Rebase patches -- Michael Biebl Sat, 30 Nov 2019 16:39:57 +0100 systemd (243-9) unstable; urgency=medium [ Daniel Kahn Gillmor ] * resolved: fix connection failures with TLS 1.3 and GnuTLS (Closes: #945507) -- Michael Biebl Fri, 29 Nov 2019 21:33:19 +0100 systemd (243-8) unstable; urgency=medium * udevadm: ignore EROFS and return earlier. Fixes failures of "udevadm trigger" in containers with a readonly /sys. (Closes: #944860) * udev: silence warning about PROGRAM+= or IMPORT+= rules (Closes: #944917) * man: add entry about SpeedMeter= (Closes: #944597) * udev: drop SystemCallArchitectures=native from systemd-udevd.service. We can't really control what helper programs are run from other udev rules. E.g. running i386 binaries under amd64 is a valid use case and should not trigger a SIGSYS failure. (Closes: #869719) -- Michael Biebl Tue, 19 Nov 2019 09:17:12 +0100 systemd (243-7) unstable; urgency=medium * Fix build failure on arm64 with libseccomp >= 2.4.2 -- Michael Biebl Fri, 15 Nov 2019 22:01:17 +0100 systemd (243-6) unstable; urgency=medium * Revert "sysusers: properly mark generated accounts as locked" We shouldn't lock the accounts because people actually need to use them, and if they are locked, various tools will refuse. * udev: ignore error caused by device disconnection. During an add or change event, the device may be disconnected. (Closes: #944586) * udev: do not append newline when writing attributes -- Michael Biebl Thu, 14 Nov 2019 14:09:49 +0100 systemd (243-5) unstable; urgency=medium * Switch default hierarchy (back) to hybrid. Since v243, the new upstream default is unified, but this still causes regressions in important packages, like LXC or Docker, so switch the default back to hybrid for now. * Drop masks for SysV init scripts that have been dropped * Drop masks for SysV init scripts provided by initscripts and bootlogd * logind: fix emission of PropertiesChanged signal for users and seats * Bump Standards Version to 4.4.1 * Upload to unstable -- Michael Biebl Mon, 11 Nov 2019 00:58:41 +0100 systemd (243-4) experimental; urgency=medium * Merge changes from unstable branch -- Michael Biebl Sat, 09 Nov 2019 01:15:08 +0100 systemd (243-3) experimental; urgency=medium * Import patches from v243-stable branch (up to ef677436aa) -- Michael Biebl Mon, 14 Oct 2019 15:26:01 +0200 systemd (243-2) experimental; urgency=medium * Import patches from v243-stable branch (up to fab6f010ac) -- Michael Biebl Sun, 22 Sep 2019 12:46:02 +0200 systemd (243-1) experimental; urgency=medium * New upstream version 243 * Merge changes from unstable branch -- Michael Biebl Thu, 05 Sep 2019 01:21:49 +0200 systemd (243~rc2-1) experimental; urgency=medium * New upstream version 243~rc2 - man: document that "systemd-analyze blame/critical-chain" is not useful to track down job latency. (Closes: #920234) - systemctl: process all units matched by a glob in the cat verb by default. (Closes: #904913) - units: automatically revert to /run logging on shutdown if necessary. Prevents /var staying busy on shutdown due to journald. (Closes: #851402) - bash-completion: don't sort syslog priorities. (Closes: #913222) - man: add example for setting multiple properties at once. (Closes: #807464) * Rebase patches * Update symbols file for libsystemd0 * core: stop removing non-existent and duplicate lookup paths * Install static-nodes-permissions.conf tmpfile in udev -- Michael Biebl Sat, 31 Aug 2019 00:20:41 +0200 systemd (242-8) unstable; urgency=medium [ Dan Streetman ] * d/extra/rules/73-special-net-names.rules: use $$ instead of $ in PROGRAM= value. Fixes incorrect variable substitution. * Rework and improve blacklist handling in debian/tests/upstream [ Balint Reczey ] * Various improvements to debian/extra/checkout-upstream making it more straightforward to override the default behaviour * Use package version as systemd's reported version (LP: #1849158) [ Michael Biebl] * debiant/tests/udev: replace deprecated ADTTMP with AUTOPKGTEST_TMP -- Michael Biebl Fri, 08 Nov 2019 23:18:00 +0100 systemd (242-7) unstable; urgency=medium * sleep: properly pass verb to sleep script * core: factor root_directory application out of apply_working_directory. Fixes RootDirectory not working when used in combination with User. (Closes: #939408) * shared/bus-util: drop trusted annotation from bus_open_system_watch_bind_with_description(). This ensures that access controls on systemd-resolved's D-Bus interface are enforced properly. (CVE-2019-15718, Closes: #939353) -- Michael Biebl Wed, 04 Sep 2019 19:34:17 +0200 systemd (242-6) unstable; urgency=medium [ Dan Streetman ] * d/t/control: upstream test requires qemu-system-ppc on ppc64el * d/t/control: install seabios for upstream test. Some archs (at least arm64) qemu implementation require the vga bios. [ Michael Biebl ] * Drop unused lintian override * network: fix ListenPort= in [WireGuard] section (Closes: #936198) * d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices (Closes: #934589) * d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by user-space * Drop dbus activation stub service. Since dbus 1.11.0, a dbus-daemon that is run with --systemd-activation automatically assumes that o.fd.systemd1 is an activatable service. As a result, with a new enough dbus version, /usr/share/dbus-1/services/org.freedesktop.systemd1.service and /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service become unnecessary and can be removed. (Closes: #914015) * Revert "core: check start limit on condition checks too" If a unit was referenced too often, it hit the restart limit and the unit was marked as failed. Fixes a regression introduced in v242. (Closes: #935829) [ Michael Prokop ] * README.Debian: document KillUserProcesses behavior in Debian -- Michael Biebl Tue, 03 Sep 2019 11:09:07 +0200 systemd (242-5) unstable; urgency=medium [ Dan Streetman ] * d/rules: add CONFFGLAGS_UPSTREAM to dh_auto_configure -- params [ Michael Biebl ] * core: never propagate reload failure to service result. Fixes a regression introduced in v239 where the main process of a service unit gets killed on reload if ExecReload fails. (Closes: #936032) * shared/seccomp: add sync_file_range2. Some architectures need the arguments to be reordered because of alignment issues. Otherwise, it's the same as sync_file_range. Fixes sync_file_range failures in nspawn containers on arm, ppc. (Closes: #935091) * bash-completion: don't sort syslog priorities. By default, the available completions are sorted alphabetically, which is counterproductive in case of syslog priorities. Override the default behavior using the `nosort` option. (Closes: #913222) * test-bpf: skip test when run inside containers -- Michael Biebl Thu, 29 Aug 2019 16:18:18 +0200 systemd (242-4) unstable; urgency=medium * Upload to unstable -- Michael Biebl Wed, 21 Aug 2019 22:09:13 +0200 systemd (242-3) experimental; urgency=medium [ Dan Streetman ] * d/t/boot-and-services: fix test_failing() * d/t/boot-and-services: check for any kernel message, not just first kernel message (Closes: #929730) * d/t/upstream: add TEST-30, TEST-34 to blacklist * d/t/timedated: replace systemctl is-active with systemctl show * d/t/control: root-unittests can break networking, add breaks-testbed * d/t/control: mark udev test skippable * d/t/upstream: always cleanup after (and before) each test * d/t/control: upstream test requires dmeventd * d/e/checkout-upstream: don't remove .git * d/e/checkout-upstream: move change to debian/ files above other changes * d/e/checkout-upstream: add UPSTREAM_KEEP_CHANGELOG param * d/e/checkout-upstream: create git commits for each change * d/e/checkout-upstream: switch from 'quilt' to 'native' format * d/e/checkout-upstream: set user.name, user.email if unset * d/t/storage: change plaintext_name to include testname * d/t/storage: increase wait for plaintext_dev from 5 to 30 seconds * d/t/storage: wait for service to start, only stop if active * d/t/storage: don't search for 'scsi_debug' in ask_password * d/t/storage: manage scsi_debug using add_hosts (Closes: #929728) * d/t/storage: use short timeout waiting for scsi_debug block dev to appear * d/t/storage: convert password agent into normal Thread * d/t/storage: fail if socket info not in ask_password contents * d/t/boot-smoke: pass failure reason to fail() to print instead of separate echo * d/t/boot-smoke: in fail() set +e so errors are ignored while gathering data * d/t/boot-smoke: gather still running jobs in fail() * d/t/boot-smoke: wait for is-system-running * d/t/boot-smoke: call fail if pidof polkitd fails * d/t/boot-smoke: remove check for running jobs [ Michael Biebl ] * d/t/boot-smoke: check for NetworkManager instead of D-Bus activated polkitd (Closes: #934992) -- Michael Biebl Wed, 21 Aug 2019 00:12:22 +0200 systemd (242-2) experimental; urgency=medium [ Michael Biebl ] * Drop dependency on lsb-base. It is only needed when booting with sysvinit and initscripts, but initscripts already Depends on lsb-base (see #864999). * Stop removing enablement symlinks in /etc/systemd/system. With v242 this is no longer necessary as `ninja install` will no longer create those symlinks. * Replace manual removal of halt-local.service with upstream patch [ Dimitri John Ledkov ] * Build manpages in .deb variant. Upstream snapshots are switching to building manpages off by default. [ Luca Boccassi ] * Enable portabled and install related files in systemd-container. Keep disabled for the udeb profile. (Closes: #918606) -- Michael Biebl Fri, 07 Jun 2019 22:41:50 +0200 systemd (242-1) experimental; urgency=medium * New upstream version 242 - Change ownership/mode of the execution directories also for static users (Closes: #919231) - A new boolean sandboxing option RestrictSUIDSGID= has been added that is built on seccomp. When turned on, creation of SUID/SGID files is prohibited. The NoNewPrivileges= and the new RestrictSUIDSGID= options are now implied if DynamicUser= is turned on for a service. (Closes: #928102, CVE-2019-3843, CVE-2019-3844) * Drop Revert-udev-network-device-renaming-immediately-give.patch. This patch needs ongoing maintenance work to be adapted to new releases and fails to apply with v242. Instead of investing more time into it we are going to drop the patch as it was a hack anyway. * Rebase patches * Drop pre-stretch migration code * Drop /sbin/udevadm compat symlink (Closes: #852580) * socket-util: Make sure flush_accept() doesn't hang on unexpected EOPNOTSUPP * Enable regexp matching support in journalctl using pcre2 (Closes: #898892) * Switch from libidn to libidn2 (Closes: #928615) -- Michael Biebl Wed, 08 May 2019 01:33:56 +0200 systemd (241-7) unstable; urgency=medium [ Michael Biebl ] * network: Fix failure to bring up interface with Linux kernel 5.2. Backport two patches from systemd master in order to fix a bug with 5.2 kernels where the network interface fails to come up with the following error: "enp3s0: Could not bring up interface: Invalid argument" (Closes: #931636) * Use /usr/sbin/nologin as nologin shell. In Debian the nologin shell is installed in /usr/sbin, not /sbin. (Closes: #931850) [ Mert Dirik ] * 40-systemd: Don't fail if SysV init script uses set -u and $1 is unset (Closes: #931719) -- Michael Biebl Thu, 18 Jul 2019 19:38:23 +0200 systemd (241-6) unstable; urgency=medium * ask-password: Prevent buffer overflow when reading from keyring. Fixes a possible memory corruption that causes systemd-cryptsetup to crash either when a single large password is used or when multiple passwords have already been pushed to the keyring. (Closes: #929726) * Clarify documentation regarding %h/%u/%U specifiers. Make it clear, that setting "User=" has no effect on those specifiers. Also ensure that "%h" is actually resolved to "/root" for the system manager instance as documented in the systemd.unit man page. (Closes: #927911) * network: Behave more gracefully when IPv6 has been disabled. Ignore any configured IPv6 settings when IPv6 has been disabled in the kernel via sysctl. Instead of failing completely, continue and log a warning instead. (Closes: #929469) -- Michael Biebl Mon, 08 Jul 2019 11:27:51 +0200 systemd (241-5) unstable; urgency=medium * Revert "Add check to switch VTs only between K_XLATE or K_UNICODE" This change left the keyboard in an unusable state when exiting an X session. (Closes: #929229) -- Michael Biebl Fri, 24 May 2019 22:58:59 +0200 systemd (241-4) unstable; urgency=medium * journal-remote: Do not request Content-Length if Transfer-Encoding is chunked (Closes: #927008) * systemctl: Restore "systemctl reboot ARG" functionality. Fixes a regression introduced in v240. (Closes: #928659) * random-util: Eat up bad RDRAND values seen on AMD CPUs. Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle while still reporting success via the carry flag. Filter out invalid data like -1 (and also 0, just to be sure). (Closes: #921267) * Add check to switch VTs only between K_XLATE or K_UNICODE. Switching to K_UNICODE from other than L_XLATE can make the keyboard unusable and possibly leak keypresses from X. (CVE-2018-20839, Closes: #929116) * Document that DRM render nodes are now owned by group "render" (Closes: #926886) -- Michael Biebl Fri, 17 May 2019 21:16:33 +0200 systemd (241-3) unstable; urgency=high [ Michael Biebl ] * Drop systemd-shim alternative from libpam-systemd. A fixed systemd-shim package which works with newer versions of systemd is unlikely to happen given that the systemd-shim package has been removed from the archive. Drop the alternative dependency from libpam-systemd accordingly. * Properly remove duplicate directories from systemd package. When removing duplicate directories from the systemd package, sort the list of directories in reverse order so we properly delete nested directories. * udev: Run programs in the specified order (Closes: #925190) * bash-completion: Use default completion for redirect operators (Closes: #924541) * networkd: Clarify that IPv6 RA uses our own stack, no the kernel's (Closes: #815582) * Revert "Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf" Apparently Conflicts= are not a reliable mechanism to ensure alternative NTP implementations take precedence over systemd-timesyncd. (Closes: #902026) * network: Fix routing policy rule issue. When multiple links request a routing policy, make sure they are all applied correctly. (Closes: #924406) * pam-systemd: Use secure_getenv() rather than getenv() Fixes a vulnerability in the systemd PAM module which insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. (CVE-2019-3842) [ Martin Pitt ] * Enable udev autopkgtest in containers. This test doesn't actually need udev.service (which is disabled in containers) and works fine in LXC. * Enable boot-and-service autopkgtest in containers - Skip tests which can't work in containers. - Add missing rsyslog test dependency. - e2scrub_reap.service fails in containers, ignore (filed as #926138) - Relax pgrep pattern for gdm, as there's no wayland session in containers. -- Michael Biebl Mon, 08 Apr 2019 12:59:32 +0200 systemd (241-2) unstable; urgency=medium [ Martin Pitt ] * debian/tests/boot-smoke: Create journal and udevdb artifacts on all failures * autopkgtests: Replace obsolete $ADT_* variables * networkd-test: Ignore failures of test_route_only_dns* in containers. This test exposes a race condition when running in LXC, see issue #11848 for details. Until that is understood and fixed, skip the test as it's not a recent regression. (Closes: #924539) * Bump Standards-Version to 4.3.0. No changes necessary. * debian/tests/boot-smoke: Only check current boot for connection timeouts. Otherwise we'll catch some Failed to resolve group 'render': Connection timed out messages that happen in earlier boots during VM setup, before the "render" group is created. Fixes https://github.com/systemd/systemd/issues/11875 * timedated: Fix emitted value when ntp client is enabled/disabled. Fixes a regression introduced in 241. * debian/tests/timedated: Check enabling/disabling NTP. Assert that `timedatectl set-ntp` correctly controls the service, sets the `org.freedesktop.timedate1 NTP` property, and sends the right `PropertiesChanged` signal. This reproduces and also the earlier . [ Michael Biebl ] * Disable fallback DNS servers in resolved (Closes: #923081) * cgtop: Fix processing of controllers other than CPU (Closes: #921280) * udev: Restore debug level when logging a failure in the external prog called by IMPORT{program} (Closes: #924199) * core: Remove "." path components from required mount paths. Fixes mount related failures when a user's home directory contains "/./" (Closes: #923881) * udev.init: Use new s-s-d --notify-await to start udev daemon. Fixes a race condition during startup under SysV init. Add versioned dependency on dpkg (>= 1.19.3) to ensure that a version of start-stop-daemon which supports --notify-await is installed. (Closes: #908796) * Make /dev/dri/renderD* accessible to group "render" Follow upstream and make render nodes available to a dedicated system group "render" instead of "video". Keep the uaccess tag for local, active users. -- Michael Biebl Fri, 15 Mar 2019 18:33:54 +0100 systemd (241-1) unstable; urgency=medium [ Adam Borowski ] * Make libpam-systemd Provide: logind, default-logind. This allows alternate logind implementations such as elogind, without having to recompile every dependent package -- as long as the client API remains compatible. These new virtual packages got policy-approved in #917431. (Closes: #915407) [ Felipe Sateler ] * New upstream version 241 - Refresh patches - Backport upstream fix for Driver= matches in .network files [ Martin Pitt ] * debian/libsystemd0.symbols: Add new symbol from release 241 * Fix various bugs and races in networkd tests. This should get the autopkgtest back to green, which regressed with dnsmasq 2.80. -- Felipe Sateler Thu, 21 Feb 2019 20:10:15 -0300 systemd (240-6) unstable; urgency=high * High urgency as this fixes a vulnerability. [ Felipe Sateler ] * Reenable pristine-tar in gbp.conf. The pristine-tar bug has been fixed, so we can use it again. This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e. * d/watch: add version mangle to transform -rc to ~rc. Upstream has started releasing rcs, so let's account for that * Fix comment about why we disable hwclock.service. Systemd nowadays doesn't do it itself because the kernel does it on its own when necessary, and when not, it is not safe to save the hwclock (eg, there is no certainty the system clock is correct) * udev: Backport upstream preventing mass killings when not running under systemd (Closes: #918764) [ Dimitri John Ledkov ] * debian/tests/storage: improve cleanups. On fast ppc64el machines, cryptsetup start job may not complete by the time tearDown is executed. In that case stop, causes to simply cancel the start job without actually cleaning up the dmsetup node. This leads to failing subsequent test as it no longer starts with a clean device. Thus ensure the systemd-cryptsetup unit is started, before stopping it. Also rmmod scsi_debug module at the end, to allow re-running the test in a loop. * debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey. * debian/tests/control: add socat to upstream tests for pull #11591 * Blacklist TEST-10-ISSUE-2467 #11706 * debian/tests/storage: fix for LUKS2 and avoid interactive password prompts. [ Martin Pitt ] * udevadm: Fix segfault with subsystem-match containing '/' (Closes: #919206) * sd-bus: if we receive an invalid dbus message, ignore and proceed * sd-bus: enforce a size limit on D-Bus object paths. This avoids accessing/modifying memory outside of the allocated stack region by sending specially crafted D-Bus messages with very large object paths. Vulnerability discovered by Chris Coulson , patch provided by Riccardo Schirone . (CVE-2019-6454) -- Martin Pitt Mon, 18 Feb 2019 13:54:04 +0000 systemd (240-5) unstable; urgency=medium [ Felipe Sateler ] * Revert interface renaming changes. (Closes: #919390) [ Martin Pitt ] * process-util: Fix memory leak (Closes: #920018) -- Martin Pitt Sun, 27 Jan 2019 21:33:07 +0000 systemd (240-4) unstable; urgency=medium [ Benjamin Drung ] * Fix shellcheck issues in initramfs-tools scripts [ Michael Biebl ] * Import patches from v240-stable branch (up to f02b5472c6) - Fixes a problem in logind closing the controlling terminal when using startx. (Closes: #918927) - Fixes various journald vulnerabilities via attacker controlled alloca. (CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848) * sd-device-monitor: Fix ordering of setting buffer size. Fixes an issue with uevents not being processed properly during coldplug stage and some kernel modules not being loaded via "udevadm trigger". (Closes: #917607) * meson: Stop setting -fPIE globally. Setting -fPIE globally can lead to miscompilations on certain architectures. Instead use the b_pie=true build option, which was introduced in meson 0.49. Bump the Build-Depends accordingly. (Closes: #909396) -- Michael Biebl Sat, 12 Jan 2019 21:49:44 +0100 systemd (240-3) unstable; urgency=medium * udev.init: Trigger add events for subsystems. Update the SysV init script and mimic the behaviour of the initramfs and systemd-udev-trigger.service which first trigger subsystems and then devices during the coldplug stage. * udevadm: Refuse to run trigger, control, settle and monitor commands in chroot (Closes: #917633) * network: Set link state configuring before setting addresses. Fixes a crash in systemd-networkd caused by an assertion failure. (Closes: #918658) * libudev-util: Make util_replace_whitespace() read only len characters. Fixes a regression where /dev/disk/by-id/ names had additional underscores. * man: Update color of journal logs in DEBUG level (Closes: #917948) * Remove old state directory of systemd-timesyncd on upgrades. Otherwise timesyncd will fail to update the clock file if it was created as /var/lib/private/systemd/timesync/clock. This was the case when the service was using DynamicUser=yes which it no longer does in v240. (Closes: #918190) -- Michael Biebl Wed, 09 Jan 2019 18:40:57 +0100 systemd (240-2) unstable; urgency=medium * Pass separate dev_t var to device_path_parse_major_minor. Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195) * test-json: Check absolute and relative difference in floating point test. Fixes FTBFS due to test-suite failures on armel, armhf and hppa. (Closes: #917215) * sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}() Fixes a segfault in systemd-udevd when debug logging is enabled. * udev-event: Do not read stdout or stderr if the pipefd is not created. This fixes problems with device-mapper symlinks no longer being created or certain devices not being marked as ready. (Closes: #917124) * Don't bump fs.nr_open in PID 1. In v240, systemd bumped fs.nr_open in PID 1 to the highest possible value. Processes that are spawned directly by systemd, will have RLIMIT_NOFILE be set to 512K (hard). pam_limits in Debian defaults to "set_all", i.e. for limits which are not explicitly configured in /etc/security/limits.conf, the value from PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to the highest possible value instead of 512K. Not every software is able to deal with such an RLIMIT_NOFILE properly. While this is arguably a questionable default in Debian's pam_limit, work around this problem by not bumping fs.nr_open in PID 1. (Closes: #917167) -- Michael Biebl Thu, 27 Dec 2018 14:03:57 +0100 systemd (240-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 240 - core: Skip cgroup_subtree_mask_valid update if UNIT_STUB (Closes: #903011) - machined: Rework referencing of machine scopes from machined (Closes: #903288) - timesync: Fix serialization of IP address (Closes: #916516) - core: Don't track jobs-finishing-during-reload explicitly (Closes: #916678) * Rebase patches * Install new systemd-id128 binary * Update symbols file for libsystemd0 * Update nss build options [ Martin Pitt ] * tests: Disable some flaky upstream tests. See https://github.com/systemd/systemd/issues/11195 * tests: Disable flaky TEST-17-UDEV-WANTS upstream test. See https://github.com/systemd/systemd/issues/11195 -- Michael Biebl Sat, 22 Dec 2018 16:01:43 +0100 systemd (239-15) unstable; urgency=medium [ Felipe Sateler ] * Fix container check in udev init script. Udev needs writable /sys, so the init script tried to check before starting. Unfortunately, the check was inverted. Let's add the missing '!' to negate the check. (Closes: #915261) * Add myself to uploaders [ Michael Biebl ] * Remove obsolete systemd-shim conffile on upgrades. The D-Bus policy file was dropped from the systemd-shim package in version 8-4, but apparently there are cases where users removed the package before that cleanup happened. The D-Bus policy file that was shipped by systemd-shim was much more restrictive and now prevents calling GetDynamicUsers() and other recent APIs on systemd Manager. (Closes: #914285) -- Felipe Sateler Wed, 05 Dec 2018 21:03:34 -0300 systemd (239-14) unstable; urgency=medium [ Michael Biebl ] * autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services * resolved: Increase size of TCP stub replies (Closes: #915049) * meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE. Fixes a build failure with glibc 2.28. * Drop procps dependency from systemd. The systemd-exit.service user service no longer uses the "kill" binary. * Simplify container check in udev SysV init script. Instead of using "ps" to detect a container environment, simply test if /sys is writable. This matches what's used in systemd-udevd.service via ConditionPathIsReadWrite=/sys and follows https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ This means we no longer need procps, so drop that dependency from the udev package. (Closes: #915095) [ Mert Dirik ] * 40-systemd: Honour __init_d_script_name. Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name (if available) to figure out real script name. (Closes: #826214) * 40-systemd: Improve heuristics for init-d-script. Improve heuristics for scripts run via init-d-script so that the redirection works even for older init-d-script versions without the __init_d_script_name variable. -- Michael Biebl Sun, 02 Dec 2018 01:00:01 +0100 systemd (239-13) unstable; urgency=medium * autopktest: Add e2fsprogs dependency to upstream test. Some of the upstream tests require mkfs.ext4. (Closes: #887250) * systemctl: Tell update-rc.d to skip creating any systemd symlinks. When calling update-rc.d via systemd-sysv-install, tell it to skip creating any systemd symlinks as we want to handle those directly in systemctl. Older update-rc.d versions will ignore that request, but that's ok. This means we don't need a versioned dependency against init-system-helpers. (Closes: #743217) * pam_systemd: Suppress LOG_DEBUG log messages if debugging is off (Closes: #825949) * Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch. The patch is no longer necessary as lxc.service now uses Delegate=yes. * Remove obsolete Replaces from pre-jessie -- Michael Biebl Tue, 20 Nov 2018 19:44:39 +0100 systemd (239-12) unstable; urgency=high [ Martin Pitt ] * Enable QEMU on more architectures in "upstream" autopkgtest. Taken from the Ubuntu package, so apparently QEMU works well enough on these architectures now. * autopkgtest: Avoid test bed reset for boot-smoke. Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so that autopkgtest doesn't have to provide a new testbed. * Fix wrong "nobody" group from sysusers.d. Fix our make-sysusers-basic sysusers.d generator to special-case the nobody group. "nobody" user and "nogroup" group both have the same ID 65534, which is the only special case for Debian's static users/groups. So specify the gid explicitly, to avoid systemd-sysusers creating a dynamic system group for "nobody". Also clean up the group on upgrades. Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525) [ Michael Biebl ] * autopkgtest: Use shutil.which() which is provided by Python 3 * Drop non-existing gnuefi=false build option. This was mistakenly added when converting from autotools to meson. * core: When deserializing state always use read_line(…, LONG_LINE_MAX, …) Fixes a vulnerability in unit_deserialize which allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. (CVE-2018-15686, Closes: #912005) * meson: Use the host architecture compiler/linker for src/boot/efi. Fixes cross build failure for arm64. (Closes: #905381) * systemd: Do not pass .wants fragment path to manager_load_unit. Fixes an issue with overridden units in /etc not being used due to a .wants/ symlink pointing to /lib. (Closes: #907054) * machined: When reading os-release file, join PID namespace too. This ensures that we properly acquire the os-release file from containers. (Closes: #911231) -- Michael Biebl Sat, 17 Nov 2018 18:39:21 +0100 systemd (239-11) unstable; urgency=high [ Michael Biebl ] * debian/tests/upstream: Clean up after each test run. Otherwise the loopback images used by qemu are not properly released and we might run out of disk space. * dhcp6: Make sure we have enough space for the DHCP6 option header. Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option handling. (CVE-2018-15688, LP: #1795921, Closes: #912008) * chown-recursive: Rework the recursive logic to use O_PATH. Fixes a race condition in chown_one() which allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. (CVE-2018-15687, LP: #1796692, Closes: #912007) [ Martin Pitt ] * debian/tests/boot-and-services: Use gdm instead of lightdm. This seems to work more reliably, on Ubuntu CI's i386 instances lightdm fails. [ Manuel A. Fernandez Montecelo ] * Run "meson test" instead of "ninja test" Upstream developers of meson recommend to run it in this way, because "ninja test" just calls "meson test", and by using meson directly and using extra command line arguments it is possible to control aspects of how the tests are run. * Increase timeout for test in riscv64. The buildds for the riscv64 arch used at the moment are slow, so increase the timeouts for this arch by a factor of 10, for good measure. (Closes: #906429) -- Michael Biebl Sun, 28 Oct 2018 13:02:18 +0100 systemd (239-10) unstable; urgency=medium [ Michael Biebl ] * meson: Rename -Ddebug to -Ddebug-extra. Meson added -Doptimization and -Ddebug options, which obviously causes a conflict with our -Ddebug options. Let's rename it. (Closes: #909455) * Add conflicts against consolekit. Letting both ConsoleKit and logind manage dynamic device permissions will only lead to inconsistent and unexpected results. [ Felipe Sateler ] * Link systemctl binary statically against libshared. This reduces the Pre-Depends list considerably, and is more resilient against borked installs. -- Michael Biebl Tue, 25 Sep 2018 16:11:12 +0200 systemd (239-9) unstable; urgency=medium * autopkgtest: Remove needs-recommends runtime restriction. This restriction has been deprecated and there are plans to remove it altogether. The tests pass withouth needs-recommends, so it seems safe to remove. * test: Use installed catalogs when test-catalog is not located at build dir. This makes it possible to run test-catalog as installed test, so we no longer need to mark it as EXFAIL in our root-unittests autopkgtest. * test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and $SYSTEMD_CATALOG_DIR. This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and the test binaries and should make the build reproducible. (Closes: #908365) -- Michael Biebl Wed, 12 Sep 2018 19:07:38 +0200 systemd (239-8) unstable; urgency=medium [ Michael Biebl ] * Clean up dbus-org.freedesktop.timesync1.service Alias on purge (Closes: #904290) * user-runtime-dir: Fix wrong SELinux context (Closes: #908026) * core: Fix gid when DynamicUser=yes with static user (Closes: #904335) * Remove udev control socket on shutdown under sysvinit. The udev control socket is no longer removed automatically when the daemon is stopped. As this can confuse other software, update the SysV init script to remove the control socket manually and make sure the init script is executed on shutdown (runlevel 0) and reboot (runlevel 6). (Closes: #791944) * Bump Standards-Version to 4.2.1 [ Martin Pitt ] * timedated: Fix wrong PropertyChanged values and refcounting -- Michael Biebl Fri, 07 Sep 2018 08:41:12 +0200 systemd (239-7) unstable; urgency=medium * autopkgtest: Add iputils-ping dependency to root-unittests. The ping binary is required by test-bpf. * autopkgtest: Add dbus-user-session and libpam-systemd dependency to root-unittests. Without a working D-Bus user session, a lot of the test-bus-* tests are skipped. * network/link: Fix logic error in matching devices by MAC (Closes: #904198) -- Michael Biebl Sun, 22 Jul 2018 13:40:15 +0200 systemd (239-6) unstable; urgency=medium [ Martin Pitt ] * autopkgtest: Install libnss-systemd. Make sure that dynamic users can be resolved. This e. g. prevents a startup failure for systemd-resolved. * autopkgtest: Add missing python3 test dependency for udev test [ Michael Biebl ] * autopkgtest: Make AppArmor violator test work with merged-usr * Make /dev/kvm accessible to local users and group kvm. Re-add the uaccess tag to /dev/kvm to make it accessible to local users. Access is also granted via group kvm, so create that in udev.postinst. (Closes: #887852) * Move a few man pages from systemd to systemd-journal-remote. The systemd package shipped a few systemd-journal-remote and systemd-journal-upload related man pages which really belong into the systemd-journal-remote package. Move those man pages into the correct package and add a Breaks/Replaces against systemd accordingly. (Closes: #903557) * autopkgtest: Drop no-longer needed workaround from upstream test * Go back to statically allocate system users for timesyncd, networkd and resolved. There are currently too many open issues related to D-Bus and the usage of DynamicUser. (Closes: #902971) * Change python3-minimal dependency to python3. While we strictly only need python3-minimal, the usage of python3-minimal triggers a lintian error: depends-on-python-minimal * test: Drop SKIP_INITRD for QEMU-based tests. The Debian Linux kernel ships ext4 support as a module, so we require an initrd to successfully start the QEMU images. * debian/tests/localed-x11-keymap: Deal with absence of /etc/default/keyboard more gracefully * autopkgtest: Add various dependencies to make upstream test pass on Debian - netcat-openbsd: Required by TEST-12-ISSUE-3171. - busybox-static: Required by TEST-13-NSPAWN-SMOKE. - plymouth: Required by TEST-15-DROPIN and TEST-22-TMPFILES. * Drop seccomp system call filter for udev. The seccomp based system call whitelist requires at least systemd 239 to be the active init and during a dist-upgrade we can't guarantee that systemd has been fully configured before udev is restarted. The versioned systemd Breaks that was added to udev for #902185 didn't really fix this issue, so revert that change again. (Closes: #903224) -- Michael Biebl Thu, 19 Jul 2018 00:04:54 +0200 systemd (239-5) unstable; urgency=medium * Add inverse version restriction of the Breaks to the systemd-shim alternative in libpam-systemd. Otherwise apt will fail to find an installation path for libpam-systemd in cases where libpam-systemd is an indirect dependency. (Closes: #902998) -- Michael Biebl Thu, 05 Jul 2018 11:50:10 +0200 systemd (239-4) unstable; urgency=medium [ Michael Biebl ] * Drop outdated section from README.Debian about switching back to SysV init * sleep: Fix one more printf format of a fiemap field * basic: Add missing comma in raw_clone assembly for sparc * bus-util: Make log level lower in request_name_destroy_callback() * tmpfiles: Specify access mode for /run/systemd/netif * Add Breaks against python-dbusmock (<< 0.18) to systemd. The logind and timedated tests in python-dbusmock were broken by the latest systemd release and had to be adjusted to work with systemd 239. See #902602 * Drop patches which try to support running systemd services without systemd as pid 1. No one is currently actively maintaining systemd-shim, which means that e.g. running systemd-logind no longer works when systemd is not pid 1. Thus drop our no longer working patches. Bump the Breaks against systemd-shim accordingly. See #895292, #901404, #901405 [ Martin Pitt ] * test: fix networkd-test.py rate limiting and dynamic user -- Michael Biebl Tue, 03 Jul 2018 23:36:28 +0200 systemd (239-3) unstable; urgency=medium * Revert "systemctl: when removing enablement or mask symlinks, cover both /run and /etc" We currently have packages in the archive which use "systemctl --runtime unmask" and are broken by this change. This is a intermediate step until it is clear whether upstream will revert this commit or whether we will have to update affected packages to deal with this changed behaviour. See #902287 and https://github.com/systemd/systemd/issues/9393 -- Michael Biebl Wed, 27 Jun 2018 14:46:06 +0200 systemd (239-2) unstable; urgency=medium * sleep: Fix printf format of fiemap fields. This should fix a FTBFS on ia64. * timesync: Change type of drift_freq to int64_t. This should fix a FTBFS on x32. * Bump systemd Breaks to ensure it is upgraded in lockstep with udev. The hardening features used by systemd-udevd.service require systemd 239 and udev will fail to start with older versions. (Closes: #902185) -- Michael Biebl Wed, 27 Jun 2018 13:59:24 +0200 systemd (239-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 239 * Drop alternative iptables-dev Build-Depends. It is no longer needed as both Ubuntu and Debian now ship libiptc-dev in their latest stable (LTS) release. * Drop alternative btrfs-tools Recommends. It is no longer needed as btrfs-progs is now available in both Debian and Ubuntu and keeping the alternative around prevents the transitional package from being autoremoved. * Disable installation of RPM macros. This avoids having to remove them manually later on. * Drop cleanup rules for libtool .la files. With the switch to Meson, libtool is no longer used. * Drop fallback for older kernels when running the test suite. We now assume that we have a kernel newer then 3.13. * Stop cleaning up .busname units. Those are gone upstream, so we no longer need to remove them manually. * Update symbols file for libsystemd0 * Rebase patches * Install new resolvectl tool. Don't ship the /sbin/resolvconf compat symlink in the systemd package, as this would cause a file conflict with the resolvconf and openresolv package. * Disable support for "Portable Services" This is still an experimental feature. * Disable pristine-tar in gbp.conf. It is currently not possible to import the systemd v239 tarball using pristine-tar due to #902115. * Bump Build-Depends on meson to (>= 0.44) * Stop setting the path for the kill binary, no longer necessary * Stop creating systemd-network and systemd-resolve system user systemd-networkd.service and systemd-resolved.service now use DynamicUser=yes. [ Dimitri John Ledkov ] * Run all upstream tests, and then report all that failed. -- Michael Biebl Sat, 23 Jun 2018 00:18:08 +0200 systemd (238-5) unstable; urgency=medium [ Evgeny Vereshchagin ] * upstream autopkgtest: Copy journal subdirectories. Otherwise logs are missing on failures. [ Martin Pitt ] * debian/tests/boot-and-services: Ignore cpi.service failure. This is apparently a regression in Ubuntu 18.04, not in systemd, so ignore it. [ Michael Biebl ] * sd-bus: Do not try to close already closed fd (Closes: #896781) * Use dh_missing to act on uninstalled files. The usage of dh_install --fail-missing has been deprecated. * meson: Avoid warning about comparison of bool and string. The result of this is undefined and will become a hard error in a future Meson release. * login: Respect --no-wall when cancelling a shutdown request (Closes: #897938) * Add dependencies of libsystemd-shared to Pre-Depends. This is necessary so systemctl is functional at all times during a dist-upgrade. (Closes: #897986) * Drop dh_strip override, the dbgsym migration is done [ Felipe Sateler ] * Don't include libmount.h in a header file. Kernel and glibc headers both use MS_* constants, but are not in sync, so only one of them can be used at a time. Thus, only import them where needed. Works around #898743. -- Michael Biebl Sat, 26 May 2018 10:31:29 +0200 systemd (238-4) unstable; urgency=medium [ Michael Biebl ] * udev/net-id: Fix check for address to keep interface names stable * debian/copyright: Move global wildcard section to the top [ Martin Pitt ] * Fix daemon reload failures [ Laurent Bigonville ] * Fix /sys/fs/cgroup mount when using SELinux. Since v236, all cgroups except /sys/fs/cgroup/systemd and /sys/fs/cgroup/unified are not mounted when SELinux is enabled (even in permissive mode). Disabling SELinux completely restores these cgroups. This patch fixes that issue by no longer making the assumption that those cgroups are mounted by initrd/dracut before systemd is started. -- Michael Biebl Sun, 01 Apr 2018 13:02:57 +0200 systemd (238-3) unstable; urgency=medium [ Martin Pitt ] * Enable systemd-sysusers unit and provide correct Debian static u/gids. Add a helper script debian/extra/make-sysusers-basic which generates a sysusers.d(5) file from Debian's static master passwd/group files. systemd 238 now supports specifying different uid and gid and a non-default login shell, so this is possible now. (Closes: #888126) * udev README.Debian: Include initrd rebuild and some clarifications in migration. While initrd update is already being mentioned in the introductory section, it is easy to miss when going through the migration steps, so explicitly mention it again. Also add a warning about keeping a fallback on misconfigurations, and the possibility to migrate one interface at a time. Thanks to Karl O. Pinc for the suggestions! (Closes: #881769) [ Michael Biebl ] * basic/macros: Rename noreturn into _noreturn_. "noreturn" is reserved and can be used in other header files we include. (Closes: #893426) * units: Fix SuccessAction that belongs to [Unit] section not [Service] section (Closes: #893282) -- Michael Biebl Tue, 20 Mar 2018 23:22:57 +0100 systemd (238-2) unstable; urgency=medium [ Alf Gaida ] * core: do not free stack-allocated strings. Fixes a crash in systemd when the cpuacct cgroup controller is not available. (Closes: #892360) -- Michael Biebl Sat, 10 Mar 2018 01:12:47 +0100 systemd (238-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 238 - Fixes systemd-tmpfiles to correctly handle symlinks present in non-terminal path components. (CVE-2018-6954, Closes: #890779) * Rebase patches * Use compat symlinks as provided by upstream. As the upstream build system now creates those symlinks for us, we no longer have to create them manually. * Update symbols file for libsystemd0 * test-cgroup-util: bail out when running under a buildd environment [ Dimitri John Ledkov ] * systemd-sysv-install: Fix name initialisation. Only initialise NAME after --root optional argument has been parsed, otherwise NAME is initialized to e.g. `enable`, instead of to the `unit-name`, resulting in failures. (LP: #1752882) -- Michael Biebl Wed, 07 Mar 2018 23:21:53 +0100 systemd (237-4) unstable; urgency=medium [ Gunnar Hjalmarsson ] * Fix PO template creation. Cherry-pick upstream patches to build a correct systemd.pot including the polkit policy files even without policykit-1 being installed. (LP: #1707898) [ Michael Biebl ] * Drop mask for fuse SysV init script. The fuse package has removed its SysV init script a long time ago, so the mask is no longer needed. * Replace two Debian specific patches which cherry-picks from upstream master -- Michael Biebl Wed, 28 Feb 2018 19:18:34 +0100 systemd (237-3) unstable; urgency=medium [ Martin Pitt ] * debian/tests/boot-smoke: More robust journal checking. Also fail the test if calling journalctl fails, and avoid calling it twice. See https://github.com/systemd/systemd/pull/8032 * Simplify PO template creation. Use the existing upstream build system instead of a manual call to `intltool-update` and `xgettext` to build systemd.pot. Remove the now obsolete intltool build dependency, but still explicitly keep gettext. (LP: #1707898) * Make systemd-sysv-install robust against existing $ROOT. Always initialize `$ROOT`, to avoid the script getting confused by an existing outside env variable. Also fix the `--root` option to actually work, the previous approach was conceptually broken due to how shell quoting works. Make the work with `set -u`. (Closes: #890436) [ Felipe Sateler ] * Backport upstream patch fixing a wrong assert() call (Closes: #890423) -- Michael Biebl Wed, 14 Feb 2018 23:07:17 +0100 systemd (237-2) unstable; urgency=medium * Drop debian/extra/rules/70-debian-uaccess.rules. Up-to-date udev rules for U2F devices are shipped in libu2f-udev nowadays. (Closes: #889665) * service: relax PID file symlink chain checks a bit. Let's read the PID file after all if there's a potentially unsafe symlink chain in place. But if we do, then refuse taking the PID if its outside of the cgroup. (Closes: #889144) -- Michael Biebl Fri, 09 Feb 2018 23:35:31 +0100 systemd (237-1) unstable; urgency=medium * New upstream version 237 * Rebase patches * Update symbols file for libsystemd0 * Update Vcs-* to point to https://salsa.debian.org * Bump Standards-Version to 4.1.3 * Set Rules-Requires-Root to no -- Michael Biebl Tue, 30 Jan 2018 01:55:24 +0100 systemd (236-4) unstable; urgency=medium [ Felipe Sateler ] * Allow systemd-timesyncd to start when libnss-systemd is not installed. Pick upstream patch requiring the existence of the systemd-timesync user only when running as root, which is not the case for the system unit. (Closes: #887343) [ Nicolas Braud-Santoni ] * debian/copyright: Refer to the CC0 license file (Closes: #882629) [ Michael Biebl ] * Add Build-Depends on python3-evdev This is used by hwdb/parse_hwdb.py to perform additional validation on hwdb files. -- Michael Biebl Sun, 28 Jan 2018 22:29:32 +0100 systemd (236-3) unstable; urgency=medium * Revert "core/execute: RuntimeDirectory= or friends requires mount namespace" This was making mounts from SSH sessions invisible to the system. (Closes: #885325) -- Michael Biebl Thu, 11 Jan 2018 16:46:04 +0100 systemd (236-2) unstable; urgency=medium * Downgrade priority of libudev1 to optional. This makes it compliant with recent versions of debian-policy which recommends to use priority optional for library packages. * Clarify NEWS entry about removal of system users. Mention in the recent NEWS entry that the associated system groups should be removed as well. (Closes: #885061) * cryptsetup-generator: Don't mistake NULL input as OOM. Fixes systemd-cryptsetup-generator failing to run during boot. (Closes: #885201) * analyze: Use normal bus connection for "plot" verb. Fixes "systemd-analyze plot" failing to run as root. (Closes: #884506) * Stop re-enabling systemd services on every upgrade. This was done so changes to the [Install] section would be applied on upgrades. Forcefully re-enabling a service might overwrite local modifications though and thus far, none of the affected services did actually change its [Install] section. So remove this code from the maintainer scripts as it was apparently doing more harm then good. (Closes: #869354) -- Michael Biebl Tue, 02 Jan 2018 00:35:14 +0100 systemd (236-1) unstable; urgency=medium [ Martin Pitt ] * debian/tests/upstream: Only show ≥ warning in journal dumps. Showing the entire debug log is too hard to scan visually, and most of the time the warnings and errors are sufficient to explain a failure. Put the journal files into the artifacts though, in case the debug information is necessary. [ Michael Biebl ] * New upstream version 236 - nspawn: Adjust path to static resolv.conf to support split usr. (Closes: #881310) - networkd: Don't stop networkd if CONFIG_FIB_RULES=n in kernel. (Closes: #881823) - core: Fix segfault in compile_bind_mounts() when BindPaths= or BindReadOnlyPaths= is set. (Closes: #883380) - meson: Link NSS modules with -z nodelete to fix memory leak in nss-systemd. (Closes: #883407) - logind: Make sure we don't acces m->action_what if it's not initialized. (Closes: #882270) - systemctl: Ignore shutdown's "-t" argument. (Closes: #882245) - core: Be more defensive if we can't determine per-connection socket peer. (Closes: #879603) - bpf-firewall: Actually invoke BPF_PROG_ATTACH to check whether cgroup/bpf is available. (Closes: #878965) * Rebase patches * Update symbols file for libsystemd0 * Bump Standards-Version to 4.1.2 * Clean up old /var/lib/systemd/clock on upgrade. The clock file used by systemd-timesyncd is now stored in StateDirectory=systemd/timesync. (Closes: #883605) * Stop creating systemd-timesync system user. DynamicUser=yes has been enabled for systemd-timesyncd.service so allocating a system user statically is no longer necessary. * Document removal of systemd-{timesync,journal-gateway,journal-upload} user. We no longer create those system users as the corresponding services now use DynamicUser=yes. Removing those system users automatically is tricky, as the relevant services might be running during upgrade. Add a NEWS entry instead which documents this change. * Revert "udev-rules: Permission changes for /dev/dri/renderD*" This would introduce a new system group "render". As the name is rather generic, this needs further discussion first, so revert this change for now. -- Michael Biebl Sun, 17 Dec 2017 21:45:51 +0100 systemd (235-3) unstable; urgency=medium [ Michael Biebl ] * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7 Package-Type is recognized as an official field name. * Install modprobe configuration file to /lib/modprobe.d. Otherwise it is not read by kmod. (Closes: #879191) [ Felipe Sateler ] * Backport upstream (partial) fix for combined DynamicUser= + User= UID was not allowed to be different to GID, which is normally the case in debian, due to the group users being allocated the GID 100 without an equivalent UID 100 being allocated. * Backport upstream patches to fully make DynamicUser=yes + static, pre-existing User= work. [ Martin Pitt ] * Add missing python3-minimal dependency to systemd-tests * Drop long-obsolete systemd-bus-proxy system user systemd-bus-proxy hasn't been shipped since before stretch and never created any files. Thus clean up the obsolete system user on upgrades. (Closes: #878182) * Drop static systemd-journal-gateway system user systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need to create this statically any more. Don't remove the user on upgrades though, as there is likely still be a running process. (Closes: #878183) * Use DynamicUser= for systemd-journal-upload.service. * Add Recommends: libnss-systemd to systemd-sysv. This is useful to actually be able to resolve dynamically created system users with DynamicUser=true. This concept is going to be used much more in future versions and (hopefully) third-party .services, so pulling it into the default installation seems prudent now. * resolved: Fix loop on packets with pseudo dns types. (CVE-2017-15908, Closes: #880026, LP: #1725351) * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps. Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965) * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348) -- Martin Pitt Wed, 15 Nov 2017 09:34:00 +0100 systemd (235-2) unstable; urgency=medium * Revert "tests: when running a manager object in a test, migrate to private cgroup subroot first" This was causing test suite failures when running inside a chroot. -- Michael Biebl Wed, 11 Oct 2017 00:46:07 +0200 systemd (235-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 235 - cryptsetup-generator: use remote-cryptsetup.target when _netdev is present (Closes: #852534) - tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638) - networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready (Closes: #869995) - exec-util,conf-files: skip non-executable files in execute_directories() (Closes: #867902) - man: update udevadm -y/--sysname-match documentation (Closes: #865081) - tmpfiles: silently ignore any path that passes through autofs (Closes: #805553) - shared: end string with % if one was found at the end of a expandible string (Closes: #865450) * Refresh patches * Bump Build-Depends on libmount-dev to (>= 2.30) * Install new modprobe.d config file * Bump Standards-Version to 4.1.1 [ Martin Pitt ] * Merge logind-kill-off autopkgtest into logind test. This was horribly inefficient as a separate test (from commit 6bd0dab41e), as that cost two VM resets plus accompanying boots; and this does not change any state thus does not require this kind of isolation. -- Michael Biebl Tue, 10 Oct 2017 18:29:28 +0200 systemd (234-3) unstable; urgency=medium [ Martin Pitt ] * Various fixes for the upstream autopkgtest. [ Felipe Sateler ] * Add fdisk to the dependencies of the upstream autopkgtest. The upstream autopkgtest uses sfdisk, which is now in the non-essential fdisk package. (Closes: #872119) * Disable nss-systemd on udeb builds * Correctly disable resolved on udeb builds * Help fix collisions in libsystemd-shared symbols by versioning them. Backport upstream patch to version the symbols provided in the private library, so that they cannot confuse unversioned pam modules or libraries linked into them. (Closes: #873708) [ Dimitri John Ledkov ] * Cherrypick upstream networkd-test.py assertion/check fixes. This resolves ADT test suite failures, when running tests under lxc/lxd providers. * Cherrypick arm* seccomp fixes. This should resolve ADT test failures, on arm64, when running as root. * Disable KillUserProcesses, yet again, with meson this time. * initramfs-tools: trigger udevadm add actions with subsystems first. This updates the initramfs-tools init-top udev script to trigger udevadm actions with type specified. This mimics the systemd-udev-trigger.service. Without type specified only devices are triggered, but triggering subsystems may also be required and should happen before triggering the devices. This is the case for example on s390x with zdev generated udev rules. (LP: #1713536) [ Michael Biebl ] * (Re)add --quiet flag to addgroup calls. This is now safe with adduser having been fixed to no longer suppress fatal error messages if --quiet is used. (Closes: #837871) * Switch back to default GCC (Closes: #873661) * Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf. All major NTP implementations ship a native service file nowadays with a Conflicts=systemd-timesyncd.service so this drop-in is no longer necessary. (Closes: #873185) -- Michael Biebl Mon, 04 Sep 2017 00:17:00 +0200 systemd (234-2.3) unstable; urgency=high * Non-maintainer upload. * Also switch to g++-6 temporarily (needed for some tests): - Add g++-6 to Build-Depends - Export CXX = g++-6 -- Cyril Brulebois Thu, 24 Aug 2017 02:40:53 +0200 systemd (234-2.2) unstable; urgency=high * Non-maintainer upload. * Switch to gcc-6 on all architectures, working around an FTBFS on mips64el, apparently due to a gcc-7 bug (See: #871514): - Add gcc-6 to Build-Depends in debian/control - Export CC = gcc-6 in debian/rules -- Cyril Brulebois Wed, 23 Aug 2017 22:53:09 +0000 systemd (234-2.1) unstable; urgency=high * Non-maintainer upload. * Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical version of the Debian Installer, as no key presses or mouse events get processed (Closes: #872598). -- Cyril Brulebois Wed, 23 Aug 2017 20:41:33 +0200 systemd (234-2) unstable; urgency=medium [ Martin Pitt ] * udev README.Debian: Fix name of example *.link file [ Felipe Sateler ] * test-condition: Don't assume that all non-root users are normal users. Automated builders may run under a dedicated system user, and this test would fail that. [ Michael Biebl ] * Revert "units: Tell login to preserve environment" Environment=LANG= LANGUAGE= LC_CTYPE= ... as used in the getty units is not unsetting the variables but instead sets it to an empty var. Passing that environment to login messes up the system locale settings and breaks programs like gpg-agent. (Closes: #868695) -- Michael Biebl Thu, 20 Jul 2017 15:13:42 +0200 systemd (234-1) unstable; urgency=medium [ Michael Biebl ] * New upstream version 234 - tmpfiles: Create /var/log/lastlog if it does not exist. (Closes: #866313) - network: Bridge vlan without PVID. (Closes: #859941) * Rebase patches * Switch build system from autotools to meson. Update the Build-Depends accordingly. * Update fsckd patch for meson * udev autopkgtest: no longer install test-udev binary manually. This is now done by the upstream build system. * Update symbols file for libsystemd0 * Update lintian override for systemd-tests. Upstream now installs manual and unsafe tests in subdirectories of /usr/lib/systemd/tests/, so ignore those as well. * Bump Standards-Version to 4.0.0 * Change priority of libnss-* packages from extra to optional. * Use UTF-8 locale when building the package. Otherwise meson will be pretty unhappy when trying to process files with unicode characters. Use C.UTF-8 as this locale is pretty much guaranteed to be available everywhere. * Mark test-timesync as manual. The test tries to setup inotify watches for /run/systemd/netif/links which fails in a buildd environment where systemd is not active. * Do not link udev against libsystemd-shared. We ship udev in a separate binary package, so can't use libsystemd-shared, which is part of the systemd binary package. * Avoid requiring a "kvm" system group. This group is not universally available and as a result generates a warning during boot. As kvm is only really useful if the qemu package is installed and this package already takes care of setting up the proper permissions for /dev/kvm, drop this rule from 50-udev-default.rules. [ Martin Pitt ] * udev README.Debian: Update transitional rules and mention *.link files. - 01-mac-for-usb.link got replaced with 73-usb-net-by-mac.rules - /etc/systemd/network/50-virtio-kernel-names.link is an upgrade transition for VMs with virtio - Describe *.link files as a simpler/less error prone (but also less flexible) way of customizing interface names. (Closes: #868002) -- Michael Biebl Thu, 13 Jul 2017 17:38:28 +0200 systemd (233-10) unstable; urgency=medium [ Martin Pitt ] * Adjust var-lib-machines.mount target. Upstream PR #6095 changed the location to {remote-fs,machines}.target.wants, so just install all available ones. [ Dimitri John Ledkov ] * Fix out-of-bounds write in systemd-resolved. CVE-2017-9445 (Closes: #866147, LP: #1695546) [ Michael Biebl ] * Be truly quiet in systemctl -q is-enabled (Closes: #866579) * Improve RLIMIT_NOFILE handling. Use /proc/sys/fs/nr_open to find the current limit of open files compiled into the kernel instead of using a hard-coded value of 65536 for RLIMIT_NOFILE. (Closes: #865449) [ Nicolas Braud-Santoni ] * debian/extra/rules: Use updated U2F ruleset. This ruleset comes from Yubico's libu2f-host. (Closes: #824532) -- Michael Biebl Mon, 03 Jul 2017 18:51:58 +0200 systemd (233-9) unstable; urgency=medium * hwdb: Use path_join() to generate the hwdb_bin path. This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having double slashes in the path makes selabel_lookup_raw() return the wrong context. (Closes: #851933) * Drop no longer needed Breaks against usb-modeswitch * Drop Breaks for packages shipping rcS init scripts. This transition was completed in stretch. -- Michael Biebl Mon, 19 Jun 2017 15:10:14 +0200 systemd (233-8) experimental; urgency=medium * Bump debhelper compatibility level to 10 * Drop versioned Build-Depends on dpkg-dev. It's no longer necessary as even Jessie ships a new enough version. * timesyncd: don't use compiled-in list if FallbackNTP has been configured explicitly (Closes: #861769) * resolved: fix null pointer p->question dereferencing. This fixes a bug which allowed a remote DoS (daemon crash) via a crafted DNS response with an empty question section. Fixes: CVE-2017-9217 (Closes: #863277) -- Michael Biebl Mon, 29 May 2017 14:12:08 +0200 systemd (233-7) experimental; urgency=medium [ Michael Biebl ] * basic/journal-importer: Fix unaligned access in get_data_size() (Closes: #862062) * ima: Ensure policy exists before asking the kernel to load it (Closes: #863111) * Add Depends: procps to systemd. It's required by /usr/lib/systemd/user/systemd-exit.service which calls /bin/kill to stop the systemd --user instance. (Closes: #862292) * service: Serialize information about currently executing command (Closes: #861157) * seccomp: Add clone syscall definitions for mips (Closes: #861171) [ Dimitri John Ledkov ] * ubuntu: disable dnssec on any ubuntu releases (LP: #1690605) [ Felipe Sateler ] * Specify nobody user and group. Otherwise nss-systemd will translate to group 'nobody', which doesn't exist on debian systems. -- Michael Biebl Wed, 24 May 2017 12:26:18 +0200 systemd (233-6) experimental; urgency=medium [ Felipe Sateler ] * Backport upstream PR #5531. This delays opening the mdns and llmnr sockets until a network has enabled them. This silences annoying messages when networkd receives such packets without expecting them: Got mDNS UDP packet on unknown scope. [ Martin Pitt ] * resolved: Disable DNSSEC by default on stretch and zesty. Both Debian stretch and Ubuntu zesty are close to releasing, switch to DNSSEC=off by default for those. Users can still turn it back on with DNSSEC=allow-downgrade (or even "yes"). [ Michael Biebl ] * Add Conflicts against hal. Since v183, udev no longer supports RUN+="socket:". This feature is still used by hal, but now generates vast amounts of errors in the journal. Thus force the removal of hal by adding a Conflicts to the udev package. This is safe, as hal is long dead and no longer useful. * Drop systemd-ui Suggests systemd-ui is unmaintained upstream and not particularly useful anymore. * journal: fix up syslog facility when forwarding native messages. Native journal messages (_TRANSPORT=journal) typically don't have a syslog facility attached to it. As a result when forwarding the messages to syslog they ended up with facility 0 (LOG_KERN). Apply syslog_fixup_facility() so we use LOG_USER instead. (Closes: #837893) * Split upstream tests into systemd-tests binary package (Closes: #859152) * Get PACKAGE_VERSION from config.h. This also works with meson and is not autotools specific. [ Sjoerd Simons ] * init-functions Only call daemon-reload when planning to redirect systemctl daemon-reload is a quite a heavy operation, it will re-parse all configuration and re-run all generators. This should only be done when strictly needed. (Closes: #861158) -- Michael Biebl Fri, 28 Apr 2017 21:47:14 +0200 systemd (233-5) experimental; urgency=medium * Do not throw a warning in emergency and rescue mode if plymouth is not installed. Ideally, plymouth should only be referenced via dependencies, not ExecStartPre. This at least avoids the confusing error message on minimal installations that do not carry plymouth. * rules: Allow SPARC vdisk devices when identifying CD drives (Closes: #858014) -- Michael Biebl Tue, 21 Mar 2017 21:00:08 +0100 systemd (233-4) experimental; urgency=medium [ Martin Pitt ] * udev autopkgtest: Drop obsolete sys.tar.xz fallback. This was only necessary for supporting 232 as well. * root-unittest: Drop obsolete FIXME comment. * Add libpolkit-gobject-1-dev build dep for polkit version detection. * Move systemd.link(5) to udev package. .link files are being handled by udev, so it should ship the corresponding manpage. Bump Breaks/Replaces accordingly. (Closes: #857270) [ Michael Biebl ] * Restart journald on upgrades (Closes: #851438) * Avoid strict DM API versioning. Compiling against the dm-ioctl.h header as provided by the Linux kernel will embed the DM interface version number. Running an older kernel can lead to errors on shutdown when trying to detach DM devices. As a workaround, build against a local copy of dm-ioctl.h based on 3.13, which is the minimum required version to support DM_DEFERRED_REMOVE. (Closes: #856337) -- Michael Biebl Thu, 16 Mar 2017 18:40:16 +0100 systemd (233-3) experimental; urgency=medium [ Michael Biebl ] * Install D-Bus policy files in /usr * Drop no longer needed maintainer scripts migration code and simplify various version checks * Fix location of installed tests * Override package-name-doesnt-match-sonames lintian warning for libnss-* * Don't ship any symlinks in /etc/systemd/system. Those should be created dynamically via "systemctl enable". [ Martin Pitt ] * root-unittests autopkgtest: Skip test-udev. It has its own autopkgtest and needs some special preparation. At some point that should be merged into root-unittests, but let's quickfix this to unbreak upstream CI. -- Michael Biebl Fri, 03 Mar 2017 19:49:44 +0100 systemd (233-2) experimental; urgency=medium * test: skip instead of fail if crypto kmods are not available. The Debian buildds have module loading disabled, thus AF_ALG sockets are not available during build. Skip the tests that cover those (khash and id128) instead of failing them in this case. https://github.com/systemd/systemd/issues/5524 -- Martin Pitt Fri, 03 Mar 2017 11:51:25 +0100 systemd (233-1) experimental; urgency=medium [ Martin Pitt ] * New upstream release 233: - udev: Remove /run/udev/control on stop to avoid sendsigs to kill udevd. (Closes: #791944) - nspawn: Handle container directory symlinks. (Closes: #805785) - Fix mount units to not become "active" when NFS mounts time out. (Closes: #835810) - hwdb: Rework path/priority comparison when loading files from /etc/ vs. /lib. (Closes: #845442) - machinectl: Fix "list" command when failing to determine OS version. (Closes: #849316) - Support tilegx architecture. (Closes: #856306) - systemd-sleep(8): Point out inhibitor interface as better alternative for suspend integration. (Closes: #758279) - journalctl: Improve error message wording when specifying boot offset with ephemeral journal. (Closes: #839291) * Install new systemd-umount and /usr/lib/environment.d/ * Use "make install-tests" for shipped unit tests * Switch back to gold linker on mips* Bug #851736 got fixed now. * debian/rules: Drop obsolete SETCAP path [ Michael Biebl ] * Drop upstart jobs for udev * Drop /sbin/udevadm compat symlink from udev-udeb and initramfs * Drop Breaks and Replaces from pre-jessie -- Martin Pitt Thu, 02 Mar 2017 17:10:09 +0100 systemd (232-19) unstable; urgency=medium [ Martin Pitt ] * debian/README.source: Update patch and changelog handling to current reality. * root-unittests autopkgtest: Blacklist test-journal-importer. This got added in a recent PR, but running this requires using "make install-tests" which hasn't landed yet. * fsckd: Fix format specifiers on 32 bit architectures. * resolved: Fix NSEC proofs for missing TLDs (Closes: #855479) * boot-and-services autopkgtest: Skip CgroupsTest on unified hierarchy. * boot-smoke autopkgtest: Run in containers, too. * logind autopkgtest: Adjust to work in containers. [ Dimitri John Ledkov ] * Fix resolved failing to follow CNAMES for DNS stub replies (LP: #1647031) * Fix emitting change signals with a sessions property in logind (LP: #1661568) [ Michael Biebl ] * If an automount unit is masked, don't react to activation anymore. Otherwise we'll hit an assert sooner or later. (Closes: #856035) [ Felipe Sateler ] * resolved: add the new KSK to the built-in resolved trust anchor. The old root key will be discarded in early 2018, so get this into stretch. * Backport some zsh completion fixes from upstream (Closes: #847203) -- Martin Pitt Thu, 02 Mar 2017 09:21:12 +0100 systemd (232-18) unstable; urgency=medium * udev autopkgtest: Adjust to script-based test /sys creation. PR #5250 changes from the static sys.tar.xz to creating the test /sys directory with a script. Get along with both cases until 233 gets released and packaged. * systemd-resolved.service.d/resolvconf.conf: Don't fail if resolvconf is not installed. ReadWritePaths= fails by default if the referenced directory does not exist. This happens if resolvconf is not installed, so use '-' to ignore the absence. (Closes: #854814) * Fix two more seccomp issues. * Permit seeing process list of units whose unit files are missing. * Fix systemctl --user enable/disable without $XDG_RUNTIME_DIR being set. (Closes: #855050) -- Martin Pitt Mon, 13 Feb 2017 17:36:12 +0100 systemd (232-17) unstable; urgency=medium * Add libcap2-bin build dependency for tests. This will make test_exec_capabilityboundingset() actually run. (Closes: #854394) * Add iproute2 build dependency for tests. This will make test_exec_privatenetwork() actually run; it skips if "ip" is not present. (Closes: #854396) * autopkgtest: Run all upstream unit tests as root. Ship all upstream unit tests in libsystemd-dev, and run them all as root in autopkgtest. (Closes: #854392) This also fixes the FTBFS on non-seccomp architectures. * systemd-resolved.service.d/resolvconf.conf: Allow writing to /run/resolvconf. Upstream PR #5283 will introduce permission restrictions for systemd-resolved.service, including the lockdown to writing /run/systemd/. This will then cause the resolvconf call in our drop-in to fail as that needs to write to /run/resolvconf/. Add this to ReadWritePaths=. (This is a no-op with the current unrestricted unit). -- Martin Pitt Fri, 10 Feb 2017 11:52:46 +0100 systemd (232-16) unstable; urgency=medium [ Martin Pitt ] * Add autopkgtest for test-seccomp * udev: Fix by-id symlinks for devices whose IDs contain whitespace (Closes: #851164, LP: #1647485) * Add lintian overrides for binary-or-shlib-defines-rpath on shipped test programs. This is apparently a new lintian warning on which uploads get rejected. These are only test programs, not in $PATH, and they need to link against systemd's internal library. [ Michael Biebl ] * Fix seccomp filtering. (Closes: #852811) * Do not crash on daemon-reexec when /run is full (Closes: #850074) -- Martin Pitt Thu, 09 Feb 2017 16:22:43 +0100 systemd (232-15) unstable; urgency=medium * Add missing Build-Depends on tzdata. It is required to successfully run the test suite. (Closes: #852883) * Bump systemd Breaks to ensure it is upgraded in lockstep with udev. The sandboxing features used by systemd-udevd.service require systemd (>= 232-11). (Closes: #853078) * Bump priority of libpam-systemd to standard. This reflects the changes that have been made in the archive a while ago. See #803184 -- Michael Biebl Wed, 01 Feb 2017 22:45:35 +0100 systemd (232-14) unstable; urgency=medium * Deal with NULL pointers more gracefully in unit_free() (Closes: #852202) * Fix issues in journald during startup -- Michael Biebl Mon, 23 Jan 2017 14:52:46 +0100 systemd (232-13) unstable; urgency=medium * Re-add versioned Conflicts/Replaces against upstart. In Debian the upstart package was never split into upstart and upstart-sysv, so we need to keep that for switching from upstart to systemd-sysv. (Closes: #852156) * Update Vcs-* according to the latest recommendation * Update Homepage and the URLs in debian/copyright to use https -- Michael Biebl Sun, 22 Jan 2017 08:19:28 +0100 systemd (232-12) unstable; urgency=medium * Fix build if seccomp support is disabled * Enable seccomp support on ppc64 -- Michael Biebl Wed, 18 Jan 2017 19:43:51 +0100 systemd (232-11) unstable; urgency=medium [ Martin Pitt ] * Fix RestrictAddressFamilies= Backport upstream fix for setting up seccomp filters to fix RestrictAddressFamilies= on non-amd64 architectures. Drop the hack from debian/rules to remove this property from unit files. See #843160 * Use local machine-id for running tests during package build. Since "init" and thus "systemd" are not part of debootstrap any more, some buildd chroots don't have an /etc/machine-id any more. Port the old Add-env-variable-for-machine-ID-path.patch to the current code, use a local machine-id again, and always make test suite failures fatal. (Closes: #851445) [ Michael Biebl ] * gpt-auto-generator: support LUKS encrypted root partitions (Closes: #851475) * Switch to bfd linker on mips* The gold linker is currently producing broken libraries on mips* resulting in segfaults for users of libsystemd. Switch to bfd until binutils has been fixed. (Closes: #851412) * Revert "core: turn on specifier expansion for more unit file settings" The expansion of the % character broke the fstab-generator and specifying the tmpfs size as percentage of physical RAM resulted in the size being set to 4k. (Closes: #851492) * Drop obsolete Conflicts, Breaks and Replaces * Require systemd-shim version which supports v232. See #844785 [ Ondřej Nový ] * Redirect try-restart in init-functions hook (Closes: #851688) -- Michael Biebl Wed, 18 Jan 2017 12:38:54 +0100 systemd (232-10) unstable; urgency=medium * Add NULL sentinel to strjoin. We haven't cherry-picked upstream commit 605405c6c which introduced a strjoin macro that adds the NULL sentinel automatically so we need to do it manually. (Closes: #851210) -- Michael Biebl Fri, 13 Jan 2017 05:08:55 +0100 systemd (232-9) unstable; urgency=medium * Use --disable-wheel-group configure switch. Instead of mangling the tmpfiles via sed to remove the wheel group, use the configure switch which was added upstream in v230. See https://github.com/systemd/systemd/issues/2492 * Update debian/copyright. Bob Jenkins released the lookup3.[ch] files as public domain which means there is no copyright holder. * Drop fallback for older reportbug versions when attaching files * debian/extra/init-functions.d/40-systemd: Stop checking for init env var. This env variable is no longer set when systemd executes a service so it's pointless to check for it. * debian/extra/init-functions.d/40-systemd: Stop setting _SYSTEMCTL_SKIP_REDIRECT=true. It seems we don't actually need it to detect recursive loops (PPID is sufficient) and by exporting it we leak _SYSTEMCTL_SKIP_REDIRECT into the runtime environment of the service. (Closes: #802018) * debian/extra/init-functions.d/40-systemd: Rename _SYSTEMCTL_SKIP_REDIRECT. Rename _SYSTEMCTL_SKIP_REDIRECT to SYSTEMCTL_SKIP_REDIRECT to be more consistent with other environment variables which are used internally by systemd, like SYSTEMCTL_SKIP_SYSV. * Various specifier resolution fixes. Turn on specifier expansion for more unit file settings. See https://github.com/systemd/systemd/pull/4835 (Closes: #781730) -- Michael Biebl Thu, 12 Jan 2017 16:59:22 +0100 systemd (232-8) unstable; urgency=medium [ Martin Pitt ] * Drop systemd dependency from libnss-myhostname again. This NSS module is completely independent from systemd, unlike the other three. * Install 71-seat.rules into the initrd. This helps plymouth to detect applicable devices. (Closes: #756109) * networkd: Fix crash when setting routes. * resolved: Drop removal of resolvconf entry on stop. This leads to timeouts on shutdown via the resolvconf hooks and does not actually help much -- /etc/resolv.conf would then just be empty instead of having a nonexisting 127.0.0.53 nameserver, so manually stopping resolved in a running system is broken either way. (LP: #1648068) * Keep RestrictAddressFamilies on amd64. This option and libseccomp currently work on amd64 at least, so let's make sure it does not break there as well, and benefit from the additional protection at least on this architecture. * Explicitly set D-Bus policy dir. This is about to change upstream in https://github.com/systemd/systemd/pull/4892, but as explained in commit 2edb1e16fb12f4 we need to keep the policies in /etc/ until stretch+1. [ Michael Biebl ] * doc: Clarify NoNewPrivileges in systemd.exec(5). (Closes: #756604) * core: Rework logic to determine when we decide to add automatic deps for mounts. This adds a concept of "extrinsic" mounts. If mounts are extrinsic we consider them managed by something else and do not add automatic ordering against umount.target, local-fs.target, remote-fs.target. (Closes: #818978) * rules: Add persistent links for nbd devices. (Closes: #837999) -- Michael Biebl Sat, 17 Dec 2016 01:54:18 +0100 systemd (232-7) unstable; urgency=medium [ Michael Biebl ] * Mark liblz4-tool build dependency as * udev: Try mount -n -o move first initramfs-tools is not actually using util-linux mount (yet), so making mount -n --move the first alternative would trigger an error message if users have built their initramfs without busybox support. [ Alexander Kurtz ] * debian/extra/kernel-install.d/85-initrd.install: Remove an unnecessary variable. (Closes: #845977) [ Martin Pitt ] * Drop systemd-networkd's "After=dbus.service" ordering, so that it can start during early boot (for cloud-init.service). It will auto-connect to D-Bus once it becomes available later, and transient (from DHCP) hostname and timezone setting do not currently work anyway. (LP: #1636912) * Run hwdb/parse_hwdb.py during package build. * Package libnss-systemd * Make libnss-* depend on the same systemd package version. -- Martin Pitt Wed, 30 Nov 2016 14:38:36 +0100 systemd (232-6) unstable; urgency=medium * Add policykit-1 test dependency for networkd-test.py. * debian/rules: Don't destroy unit symlinks with sed -i. Commit 21711e74 introduced a "sed -i" to remove RestrictAddressFamilies= from units. This also caused unit symlinks to get turned into real files, causing D-Bus activated services like timedated to fail ("two units with the same D-Bus name"). * Fall back to "mount -o move" in udev initramfs script klibc's mount does not understand --move, so for the time being we need to support both variants. (Closes: #845161) * debian/README.Debian: Document how to generate a shutdown log. Thanks 積丹尼 Dan Jacobson. (Closes: #826297) -- Martin Pitt Mon, 21 Nov 2016 10:39:57 +0100 systemd (232-5) unstable; urgency=medium * Add missing liblz4-tool build dependency. Fixes test-compress failure during package build. * systemd: Ship /var/lib. This will soon contain a polkit pkla file. -- Martin Pitt Sun, 20 Nov 2016 12:22:52 +0100 systemd (232-4) unstable; urgency=medium [ Martin Pitt ] * debian/tests/unit-config: Query pkg-config for system unit dir. This fixes confusion on merged-/usr systems where both /usr/lib/systemd and /lib/systemd exist. It's actually useful to verify that systemd.pc says the truth. * debian/tests/upstream: Fix clobbering of merged-/usr symlinks * debian/tests/systemd-fsckd: Create /etc/default/grub.d if necessary * debian/rules: Drop check for linking to libs in /usr. This was just an approximation, as booting without an initrd could still be broken by library updates (e. g. #828991). With merged /usr now being the default this is now completely moot. * Move kernel-install initrd script to a later prefix. 60- does not leave much room for scripts that want to run before initrd building (which is usually one of the latest things to do), so bump to 85. Thanks to Sjoerd Simons for the suggestion. * Disable 99-default.link instead of the udev rule for disabling persistent interface names. Disabling 80-net-setup-link.rules will also cause ID_NET_DRIVER to not be set any more, which breaks 80-container-ve.network and matching on driver name in general. So disable the actual default link policy instead. Still keep testing for 80-net-setup-link.rules in the upgrade fix and 73-usb-net-by-mac.rules to keep the desired behaviour on systems which already disabled ifnames via that udev rule. See https://lists.freedesktop.org/archives/systemd-devel/2016-November/037805.html * debian/tests/boot-and-services: Always run seccomp test seccomp is now available on all architectures on which Debian and Ubuntu run tests, so stop making this test silently skip if seccomp is disabled. * Bump libseccomp build dependency as per configure.ac. * Replace "Drop RestrictAddressFamilies=" patch with sed call. With that it will also apply to upstream builds/CI, and it is structurally simpler. * Rebuild against libseccomp with fixed shlibs. (Closes: #844497) [ Michael Biebl ] * fstab-generator: add x-systemd.mount-timeout option. (Closes: #843989) * build-sys: do not install ctrl-alt-del.target symlink twice. (Closes: #844039) * Enable lz4 support. While the compression rate is not as good as XZ, it is much faster, so a better default for the journal and especially systemd-coredump. (Closes: #832010) [ Felipe Sateler ] * Enable machines.target by default. (Closes: #806787) [ Evgeny Vereshchagin ] * debian/tests/upstream: Print all journal files. We don't print all journal files. This is misleading a bit: https://github.com/systemd/systemd/pull/4331#issuecomment-252830790 https://github.com/systemd/systemd/pull/4395#discussion_r87948836 [ Luca Boccassi ] * Use mount --move in initramfs-tools udev script. Due to recent changes in busybox and initramfs-tools the mount utility is no longer the one from busybox but from util-linux. The latter does not support mount -o move. The former supports both -o move and --move, so use it instead to be compatible with both. See this discussion for more details: https://bugs.debian.org/823856 (Closes: #844775) -- Michael Biebl Sun, 20 Nov 2016 03:34:58 +0100 systemd (232-3) unstable; urgency=medium [ Felipe Sateler ] * Make systemd-delta less confused on merged-usr systems. (Closes: #843070) * Fix wrong paths for /bin/mount when compiled on merged-usr system. Then the build system finds /usr/bin/mount which won't exist on a split-/usr system. Set the paths explicitly in debian/rules and drop Use-different-default-paths-for-various-binaries.patch. (Closes: #843433) [ Martin Pitt ] * debian/tests/logind: Split out "pid in logind session" test * debian/tests/logind: Adjust "in logind session" test for unified cgroup hierarchy * debian/tests/boot-and-services: Check common properties of CLI programs. Verify that CLI programs have a sane behaviour and exit code when being called with --help, --version, or an invalid option. * nspawn: Fix exit code for --help and --version (Closes: #843544) * core: Revert using the unified hierarchy for the systemd cgroup. Too many things don't get along with it yet, like docker, LXC, or runc. (Closes: #843509) -- Martin Pitt Wed, 09 Nov 2016 09:34:45 +0100 systemd (232-2) unstable; urgency=medium * Drop RestrictAddressFamilies from service files. RestrictAddressFamilies= is broken on 32bit architectures and causes various services to fail with a timeout, including systemd-udevd.service. While this might actually be a libseccomp issue, remove this option for now until a proper solution is found. (Closes: #843160) -- Michael Biebl Sat, 05 Nov 2016 22:43:27 +0100 systemd (232-1) unstable; urgency=medium [ Martin Pitt ] * New upstream release 232: - Fix "systemctl start" when ReadWriteDirectories is a symlink (Closes: ##792187) - Fix "journalctl --setup-keys" output (Closes: #839097) - Run run sysctl service if /proc/sys/net is writable, for containers (Closes: #840529) - resolved: Add d.f.ip6.arpa to the DNSSEC default negative trust anchors (Closes: #834453) * debian/tests/logind: Copy the current on-disk unit instead of the on-memory one. * Build sd-boot on arm64. gnu-efi is available on arm64 now. (Closes: #842617) * Link test-seccomp against seccomp libs to fix FTBFS * debian/rules: Remove nss-systemd (until we package it) * Install new systemd-mount [ Michael Biebl ] * Install new journal-upload.conf man pages in systemd-journal-remote -- Martin Pitt Fri, 04 Nov 2016 07:18:10 +0200 systemd (231-10) unstable; urgency=medium [ Martin Pitt ] * systemctl: Add --wait option to wait until started units terminate again. * nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors. This makes it possible to configure a fallback to "dns" without breaking DNSSEC, with "resolve [!UNAVAIL=return] dns". * libnss-resolve.postinst: Skip dns fallback if resolve is present. Only fall back to "dns" if nss-resolve is not installed (for the architecture of the calling program). Once it is, we never want to fall back to "dns" as that breaks enforcing DNSSEC verification and also pointlessly retries NXDOMAIN failures. (LP: #1624071) * unit: sent change signal before removing the unit if necessary (LP: #1632964) * networkd: Fix assertion crash on adding VTI with IPv6 addresses (LP: #1633274) * debian/tests/upstream: Stop specifying initrd, it is autodetected now. * debian/tests/upstream: Add gcc/libc-dev/make test dependencies, so that the tests can build helper binaries. [ Felipe Sateler ] * Explicitly disable installing the upstream-provided PAM configuration. * Register interest in the status of dracut and initramfs-tools in reportbug template [ Michael Biebl ] * Stop creating systemd-update-utmp-runlevel.service symlinks manually -- Martin Pitt Wed, 26 Oct 2016 13:24:37 +0200 systemd (231-9) unstable; urgency=medium * pid1: process zero-length notification messages again. Just remove the assertion, the "n" value was not used anyway. This fixes a local DoS due to unprocessed/unclosed fds which got introduced by the previous fix. (Closes: #839171) (LP: #1628687) * pid1: Robustify manager_dispatch_notify_fd() * test/networkd-test.py: Add missing writeConfig() helper function. -- Martin Pitt Thu, 29 Sep 2016 23:39:24 +0200 systemd (231-8) unstable; urgency=medium [ Martin Pitt ] * Replace remaining systemctl --failed with --state=failed "--failed" is deprecated in favor of --state. * debian/shlibs.local.in: More precisely define version of internal shared lib. * debian/tests/upstream: Drop blacklisting These tests now work fine without qemu. * debian/tests/storage: Avoid rmmod scsi_debug (LP: #1626737) * upstream build system: Install libudev, libsystemd, and nss modules to ${rootlibdir}. Drop downstream workaround from debian/rules. * Ubuntu: Disable resolved's DNSSEC for the final 16.10 release. Resolved's DNSSEC support is still not mature enough, and upstream recommends to disable it in stable distro releases still. * Fix abort/DoS on zero-length notify message triggers (LP: #1628687) * resolved: don't query domain-limited DNS servers for other domains (LP: #1588230) [ Antonio Ospite ] * Update systemd-user pam config to require pam_limits.so. (Closes: #838191) -- Martin Pitt Thu, 29 Sep 2016 13:40:21 +0200 systemd (231-7) unstable; urgency=medium [ Michael Biebl ] * fsckd: Do not exit on idle timeout if there are still clients connected (Closes: #788050, LP: #1547844) [ Martin Pitt ] * 73-usb-net-by-mac.rules: Split kernel command line import line. Reportedly this makes the rule actually work on some platforms. Thanks Alp Toker! (LP: #1593379) * debian/tests/boot-smoke: Only run 5 iterations * systemd.postinst: Drop obsolete setcap call for systemd-detect-virt. Drop corresponding libcap2-bin dependency. * debian/tests/systemd-fsckd: Robustify check for "unit was running" (LP: #1624406) * debian/extra/set-cpufreq: Use powersave with intel_pstate. This is what we did on xenial, and apparently powersave is still actually better than performance. Thanks to Doug Smythies for the measurements! (LP: #1579278) * Ubuntu: Move ondemand.service from static to runtime enablement. This makes it easier to keep performance, by disabling ondemand.service. Side issue in LP: #1579278 * Revert "networkd: remove route if carrier is lost" This causes networkd to drop addresses from unmanaged interfaces in some cases. (Closes: #837759) * debian/tests/storage: Avoid stderr output of stopping systemd-cryptsetup@.service * libnss-*.prerm: Remove possible [key=value] options from NSS modules as well. (LP: #1625584) -- Martin Pitt Tue, 20 Sep 2016 15:03:06 +0200 systemd (231-6) unstable; urgency=medium [ Martin Pitt ] * Add alternative iptables-dev build dependencies libiptc-dev is very new and not yet present in stable Debian/Ubuntu releases. Add it as a fallback build dependency for backports and upstream tests. * Detect if seccomp is enabled but seccomp filtering is disabled (Closes: #832713) * resolved: recognize DNS names with more than one trailing dot as invalid (LP: #1600000) * debian/tests/smoke: Store udev db dump artifact on failure * networkd: limit the number of routes to the kernel limit * systemctl: consider service running only when it is in active or reloading state * networkd: remove route if carrier is lost * Add Ref()/Unref() bus calls for units [ Felipe Sateler ] * git-cherry-pick: always recreate the patch-queue branch. [ Dimitri John Ledkov ] * Use idiomatic variables from dpkg include. -- Martin Pitt Sun, 11 Sep 2016 15:00:55 +0200 systemd (231-5) unstable; urgency=medium [ Iain Lane ] * Let graphical-session-pre.target be manually started (LP: #1615341) [ Felipe Sateler ] * Add basic version of git-cherry-pick * Replace Revert-units-add-a-basic-SystemCallFilter-3471.patch with upstream patch * sysv-generator: better error reporting. (Closes: #830257) [ Martin Pitt ] * 73-usb-net-by-mac.rules: Test for disabling 80-net-setup-link.rules more efficiently. Stop calling readlink at all and just test if /etc/udev/rules.d/80-net-setup-link.rules exists -- a common way to disable an udev rule is to just "touch" it in /etc/udev/rule.d/ (i. e. empty file), and if the rule is customized we cannot really predict anyway if the user wants MAC-based USB net names or not. (LP: #1615021) * Ship kernel-install (Closes: #744301) * Add debian/extra/kernel-install.d/60-initrd.install. This kernel-install drop-in copies the initrd of the selected kernel to the EFI partition. * bootctl: Automatically detect ESP partition. This makes bootctl work with Debian's /boot/efi/ mountpoint without having to explicitly specify --path. Patches cherry-picked from upstream master. * systemd.NEWS: Point out that alternatively rcS scripts can be moved to rc[2-5]. Thanks to Petter Reinholdtsen for the suggestion! [ Michael Biebl ] * Enable iptables support (Closes: #787480) * Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf" The special 'key handling' inhibitors should always work regardless of any *IgnoreInhibited settings – otherwise they're nearly useless. Update man pages to clarify that *KeyIgnoreInhibited only apply to a subset of locks (Closes: #834148) -- Martin Pitt Fri, 26 Aug 2016 10:58:07 +0200 systemd (231-4) unstable; urgency=medium * Revert "pid1: reconnect to the console before being re-executed" This unbreaks consoles after "daemon-reexec". (Closes: #834367) -- Martin Pitt Thu, 18 Aug 2016 07:03:13 +0200 systemd (231-3) unstable; urgency=medium * resolved resolvconf integration: Run resolvconf without privilege restrictions. On some architectures (at least ppc64el), running resolvconf does not work with MemoryDenyWriteExecute=yes. (LP: #1609740) * Revert unit usage of MemoryDenyWriteExecute=yes. This is implemented through seccomp as well. (Closes: #832713) -- Martin Pitt Mon, 15 Aug 2016 09:58:09 +0200 systemd (231-2) unstable; urgency=medium [ Martin Pitt ] * debian/rules: Fix UPSTREAM_VERSION for upstream master builds * Limit "link against /usr" check to some critical binaries only and add generators * debian/rules: Put back cleanup of *.busname (Closes: #833487) * debian/tests/localed-x11-keymap: Robustify cleanup * debian/tests/localed-x11-keymap: Check that localed works without /etc/default/keyboard. This reproduces #833849. * Revert "units: add a basic SystemCallFilter (#3471)" This causes fatal failures on kernels that don't have seccomp enabled. This can be reactivated once https://github.com/systemd/systemd/issues/3882 is fixed. (Closes: #832713, #832893) [ Simon McVittie ] * localed: tolerate absence of /etc/default/keyboard. The debian-specific patch to read Debian config files was not tolerating the absence of /etc/default/keyboard. This causes systemd-localed to fail to start on systems where that file isn't populated (like embedded systems without keyboards). (Closes: #833849) -- Martin Pitt Sun, 14 Aug 2016 10:54:57 +0200 systemd (231-1) unstable; urgency=low [ Martin Pitt ] * New upstream release 231: - Fix "Failed to create directory /str/sys/fs/selinux: Read-only file system" warning. (Closes: #830693) * systemd.postinst: Remove systemd-networkd-resolvconf-update.path removal leftover. (Closes: #830778) * Drop support for rcS.d SysV init scripts. These are prone to cause dependency loops, and almost all packages with rcS scripts now ship a native systemd service. * networkd: Handle router advertisements in userspace again. Drop Revert-Revert-networkd-ndisc-revert-to-letting-the-k.patch. Bug #814566/#815586 got fixed in 230, and #815884 and #815884 and #815793 are unreproducible and need more reporter feedback. * debian/gbp.conf: Enable dch options "full" and "multimaint-merge" * systemd-sysv: Add Conflicts: systemd-shim. To avoid shim trying to claim the D-Bus interfaces. * Add graphical-session.target user unit. * Add graphical-session-pre.target user unit * Add debian/extra/units-ubuntu/user@.service.d/timeout.conf. This avoids long hangs during shutdown if user services fail/hang due to X.org going away too early. This is mostly a workaround, so only install for Ubuntu for now. * Dynamically add upstream version to debian/shlibs.local * Set Debian/Ubuntu downstream support URL in journal catalogs (Closes: #769187) [ Michael Biebl ] * Restrict Conflicts: openrc to << 0.20.4-2.1. Newer versions of openrc no longer ship conflicting implementations of update-rc.d/invoke-rc.d. * Add Depends: dbus to systemd-container. This is required for systemd-machined and systemd-nspawn to work properly. (Closes: #830575) * Drop insserv.conf generator. We no longer parse /etc/insserv.conf and /etc/insserv.conf.d/* and augment services with that dependency information via runtime drop-in files. Services which want to provide certain system facilities need to pull in the corresponding targets themselves. Either directly in the native service unit or by shipping a drop-in snippet for SysV init scripts. (Closes: #825858) * getty-static.service: Only start if we have a working VC subsystem. Use ConditionPathExists=/dev/tty0, the same check as in getty@.service, to determine whether we have a functional VC subsystem and we should start any gettys. (Closes: #824779) * Stop mentioning snapshot and restore in the package description. Support for the .snapshot unit type has been removed upstream. * Drop sigpwr-container-shutdown.service. This is no longer necessary as lxc-stop has been fixed to use SIGRTMIN+3 to shut down systemd based LXC containers. https://github.com/lxc/lxc/pull/1086 https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ [ Felipe Sateler ] * Add versioned breaks for packages shipping rcS init scripts -- Martin Pitt Tue, 26 Jul 2016 12:17:14 +0200 systemd (230-7) unstable; urgency=medium * Tell dh_shlibdeps to look in the systemd package for libraries. Otherwise dpkg-shlibdeps fails to find libsystemd-shared as we no longer create a shlibs file for it. * Add Build-Depends-Package to libudev1.symbols and libsystemd0.symbols. This ensures proper dependencies when a package has a Build-Depends on a higher version of libudev-dev or libsystemd-dev then what it gets from the used symbols. -- Michael Biebl Fri, 08 Jul 2016 13:04:33 +0200 systemd (230-6) unstable; urgency=medium [ Martin Pitt ] * debian/tests/boot-smoke: Stop running in containers again, too unreliable on Ubuntu s390x right now. [ Michael Biebl ] * Bump Build-Depends on debhelper to (>= 9.20160114), required for --dbgsym-migration support. * Install test-udev binary into $libdir/udev/ not $libdir. Only libraries should be installed directly into $libdir. * Exclude libsystemd-shared from dh_makeshlibs. [ Felipe Sateler ] * Do not install libsystemd-shared.so symlink * {machine,system}ctl: always pass &changes and &n_changes (Closes: #830144) [ Michael Prokop ] * debian/tests/logind: Ensure correct version of logind is running. -- Michael Biebl Thu, 07 Jul 2016 15:22:16 +0200 systemd (230-5) unstable; urgency=medium [ Martin Pitt ] * Sync test/networkd-test.py with current upstream master, and remove our debian/tests/networkd copy. Directly run test/networkd-test.py in autopkgtest. * debian/extra/rules/73-usb-net-by-mac.rules: Disable when /etc/udev/rules.d/80-net-setup-link.rules is a symlink to /dev/null, to be consistent with the documented way to disable ifnames. (Closes: #824491, LP: #1593379) * debian/rules: Ignore libcap-ng.so in the "does anything link against /usr" check, to work around libaudit1 recently gaining a new dependency against that library (#828991). We have no influence on that ourselves. This fixes the FTBFS in the meantime. [ Felipe Sateler ] * Convert common code into a private shared library. This saves about 9 MB of installed size in the systemd package, and some more in systemd-*. -- Martin Pitt Fri, 01 Jul 2016 09:15:12 +0200 systemd (230-4) unstable; urgency=medium [ Martin Pitt ] * tmp.mount: Add nosuid and nodev mount options. This restores compatibility with the original SysV int RAMTMP defaults. (Closes: #826377) * debian/tests/upstream: Some tests fail on platforms without QEMU at the moment due to upstream PR#3587; blacklist these for now if QEMU is not available. * debian/rules: Don't run the "anything links against /usr" check for upstream tests, as those run on Ubuntu 16.04 LTS which does not yet have libidn moved to /lib. * debian/tests/upstream: Clean up old journals before running a test, to avoid printing a wrong one on failure. * debian/tests/upstream: Do not run the QEMU tests on i386. Nested QEMU on i386 causes testbed hangs on Ubuntu's cloud infrastructure, which is the only place where these actually run. * resolved: Fix SERVFAIL handling and introduce a new "Cache=" option to disable local caching. * resolved: Support IPv6 zone indices in resolv.conf. (LP: #1587489) * resolved: Update resolv.conf when calling SetLinkDNS(). * debian/tests/storage: Sync and settle udev after luksFormat, to reduce the chance of seeing some half-written signatures. * debian/tests/networkd: Stop skipping the two DHCP6 tests, this regression seems to have been fixed now. * resolved: respond to local resolver requests on 127.0.0.53:53. This provides compatibility with clients that don't use NSS but do DNS queries directly, such as Chrome. * resolved: Don't add route-only domains to /etc/resolv.conf. * systemd-resolve: Add --flush-caches and --status commands. * Add debian/extra/units/systemd-resolved.service.d/resolvconf.conf to tell resolvconf about resolved's builtin DNS server on 127.0.0.53. With that, DNS servers picked up via networkd are respected when using resolvconf, and software like Chrome that does not do NSS (libnss-resolve) still gets proper DNS resolution. Drop the brittle and ugly systemd-networkd-resolvconf-update.{path,service} hack instead. * debian/tests/boot-smoke: Run in containers as well. [ Laurent Bigonville ] * Build with IDN support. (Closes: #814528) -- Martin Pitt Wed, 29 Jun 2016 15:23:32 +0200 systemd (230-3) unstable; urgency=medium [ Martin Pitt ] * debian/tests/boot-and-services: Adjust test_tmp_mount() for fixed systemctl exit code for "unit not found" in upstream commit ca473d57. * debian/tests/boot-and-services, test_no_failed(): Show journal of failed units. * debian/extra/init-functions.d/40-systemd: Adjust to changed systemctl show behaviour in 231: now this fails for nonexisting units instead of succeeding with "not-found". Make the code compatible to both for now. * Fix networkd integration with resolvconf for domain-limited DNS servers, so that these don't appear as global nameservers in resolv.conf. Thanks Andy Whitcroft for the initial fix! Add corresponding test case to debian/tests/networkd. (LP: #1587762) * resolved: Fix comments in resolve.conf for search domain overflows. (LP: #1588229) * On Ubuntu, provide an "ondemand.service" that replaces /etc/init.d/ondemand. The latter does not exist any more when "initscripts" falls out of the default installation. (LP: #1584124) This now does not do a fixed one-minute wait but uses "Type=idle" instead. This also becomes a no-op when the CPU supports "intel_pstate" (≤ 5 years old), as on these the ondemand/powersave schedulers are actually detrimental. (LP: #1579278) * debian/systemd-container.install: Drop *.busname installation, they are going away upstream. * debian/extra/init-functions.d/40-systemd: Do not call systemctl daemon-reload if the script is called as user (like reportbug does). Also make sure that daemon-reload will not invoke polkit. * Install test-udeb from .libs, to avoid installing the automake shell wrapper. * Fix transaction restarting in resolved to avoid async processing of free'd transactions. (Closes: #817210, LP: #1587727, #1587740, #1587762, #1587740) * Add "upstream" autopkgtest that runs the test/TEST* upstream integration tests in QEMU and nspawn. * Build systemd-sysusers binary, for using in rkt. Do not ship the corresponding unit and sysusers.d/ files yet, as these need some Debianization and an autopkgtest. (Closes: #823322) * debian/tests/systemd-fsckd: Adjust was_running() to also work for version 230. [ Michael Biebl ] * Add "systemctl daemon-reload" to lsb init-functions hook if the LoadState of a service is "not-found". This will run systemd-sysv-generator, so SysV init scripts that aren't installed by the package manager should be picked up automatically. (Closes: #825913) * automount: handle expire_tokens when the mount unit changes its state. (Closes: #826512) * debian/systemd.preinst: Correctly determine whether a service is enabled. Testing for the return code alone is not sufficient as we need to differentiate between "generated" and "enabled" services. (Closes: #825981) [ Felipe Sateler ] * Drop configure option --disable-compat-libs. It no longer exists. * Add policykit-1 to Suggests. It is used to allow unprivileged users to execute certain commands. (Closes: #827756) -- Martin Pitt Tue, 21 Jun 2016 23:51:07 +0200 systemd (230-2) unstable; urgency=medium [ Martin Pitt ] * Don't add a Breaks: against usb-modeswitch when building on Ubuntu; there it does not use hotplug.functions and is a lower version. * boot-and-services autopkgtest: Add missing xserver-xorg and lightdm-greeter test dependencies, so that lightdm can start. (See LP #1581106) * Re-disable logind's KillUserProcesses option by default. (Closes: #825394) [ Michael Biebl ] * Drop --disable-silent-rules from debian/rules. This is now handled by dh directly depending on whether the DH_QUIET environment variable is set. -- Martin Pitt Tue, 31 May 2016 12:02:14 +0200 systemd (230-1) unstable; urgency=medium [ Martin Pitt ] * New upstream release 230. - Fix rare assertion failure in hashmaps. (Closes: #816612) - Fix leaking scope units. (Closes: #805477) - Fix wrong socket ownership after daemon-reload. (LP: #1577001) - udev: Fix touch screen detection. (LP: #1530384) * Drop cmdline-upstart-boot autopkgtest. It was still needed up to Ubuntu 16.04 LTS, but upstart-sysv is not supported any more in Debian and Ubuntu now. * udev: Drop hotplug.functions, now that the last remaining user of this got fixed. Add appropriate versioned Breaks:. * debian/extra/rules/70-debian-uaccess.rules: Add some more FIDO u2f devices from different vendors. Thanks Atoyama Tokanawa. * Remove "bootchart" autopkgtest, this upstream version does not ship bootchart any more. It will be packaged separately. [ Michael Biebl ] * Drop obsolete --disable-bootchart configure switch from udeb build. * Remove obsolete /etc/systemd/bootchart.conf conffile on upgrades. -- Martin Pitt Mon, 23 May 2016 09:42:51 +0200 systemd (229-6) unstable; urgency=medium * systemd-container: Prefer renamed "btrfs-progs" package name over "btrfs-tools". (Closes: #822629) * systemd-container: Recommend libnss-mymachines. (Closes: #822615) * Drop systemd-dbg, in favor of debhelpers' automatic -dbgsym packages. * Drop Add-targets-for-compatibility-with-Debian-insserv-sy.patch; we don't need $x-display-manager any more as most/all DMs ship native services, and $mail-transport-agent is not widely used (not even by our default MTA exim4). * Unify our two patches for Debian specific configuration files. * Drop udev-re-enable-mount-propagation-for-udevd.patch, i. e. run udevd in its own slave mount name space again. laptop-mode-tools 1.68 fixed the original bug (#762018), thus add a Breaks: to earlier versions. * Ship fbdev-blacklist.conf in /lib/modprobe.d/ instead of /etc/modprobe.d/; remove the conffile on upgrades. * Replace util-Add-hidden-suffixes-for-ucf.patch with patch that got committed upstream. * Replace Stop-syslog.socket-when-entering-emergency-mode.patch with patch that got committed upstream. * debian/udev.README.Debian: Adjust documentation of MAC based naming for USB network cards to the udev rule, where this was moved to in 229-5. * debian/extra/init-functions.d/40-systemd: Invoke status command with --no-pager, to avoid blocking scripts that call an init.d script with "status" with an unexpected pager process. (Closes: #765175, LP: #1576409) * Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles accessible to the user session. This avoids having to install libu2f-host0 (which isn't discoverable at all) to make those devices work. (LP: #1387908) * libnss-resolve: Enable systemd-resolved.service on package installation, as this package makes little sense without resolved. * Add a DHCP exit hook for pushing received NTP servers into timesyncd. (LP: #1578663) * debian/udev.postinst: Fix migration check from the old persistent-net generator to not apply to chroots. (Closes: #813141) * Revert "enable TasksMax= for all services by default, and set it to 512". Introducing a default limit on number of threads broke a lot of software which regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an indefinite number of subtasks that are not in a scope, like LXC or cron. 512 is way too much for most "simple" services, and it's way too little for the ones mentioned above. Effective (and much stricter) limits should instead be put into units individually. (Closes: #823530, LP: #1578080) * Split out udev rule to name USB network interfaces by MAC address into 73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025) * 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the kernel command line, to be consistent with disabling the *.link files. * 73-special-net-names.rule: Name the IBM integrated management module virtual USB network card "ibmimm". Thanks Marco d'Itri! -- Martin Pitt Thu, 12 May 2016 09:40:19 +0200 systemd (229-5) unstable; urgency=medium * debian/tests/unit-config: Call "daemon-reload" to clean up generated units in between tests. * debian/tests/unit-config: Check that enable/disable commands are idempotent. * debian/tests/unit-config: Detect if system units are in /usr/, so that the test works on systems with merged /usr. * debian/tests/unit-config: Use systemd-sysv-install instead of update-rc.d directly, so that the test works under Fedora too. * debian/tests/unit-config: Check disabling of a "systemctl link"ed unit, and check "systemctl enable" on a unit with full path which is not in the standard directories. * Rename debian/extra/rules/73-idrac.rules to 73-special-net-names.rules, as it is going to get rules for other devices. Also install it into the initramfs. * debian/extra/rules/73-special-net-names.rules: Add DEVPATH number based naming schema for ibmveth devices. (LP: #1561096) * Don't set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 devmapper devices with "change" events, as this causes spurious unmounting with multipath devices. (LP: #1565969) * Fix bogus "No [Install] section" warning when enabling a unit with full path. (LP: #1563590) * debian/tests/cmdline-upstart-boot: In test_rsyslog(), check for messages from dbus instead of NetworkManager. NM 1.2 does not seem to log to syslog by default any more. * Bump Standards-Version to 3.9.8 (no changes necessary). * debian/tests/boot-smoke: Add some extra debugging if there are pending jobs after 10s, to figure out why lightdm is sometimes "restarting". (for LP #1571673) * debian/tests/boot-smoke: Configure dummy X.org driver (like in the boot-and-services test), to avoid lightdm randomly fail. (LP: #1571673) * Move Debian specific patches into debian/patches/debian (which translates to "Gbp-Pq: Topic debian" with pq). This keeps upstream vs. Debian patches separated without the comments in debian/patches/series (which always get removed by "pq export"). * Don't ship an empty /etc/X11/xinit/xinitrc.d/ directory, this isn't supported in Debian. (Closes: #822198) * udev: Mark nbd as inactive until connected. (Closes: #812485) * On shutdown, unmount /tmp before disabling swap. (Closes: #788303) * debian/systemd-coredump.postinst: Do daemon-reload before starting systemd-coredump, as the unit file may have changed on upgrades. (Closes: #820325) * Set MAC based name for USB network interfaces only for universally administered (i. e. stable) MACs, not for locally administered (i. e. randomly generated) ones. Drop /lib/systemd/network/90-mac-for-usb.link (as link files don't currently support globs for MACAddress=) and replace with an udev rule in /lib/udev/rules.d/73-special-net-names.rules. (Closes: #812575, LP: #1574483) -- Martin Pitt Mon, 25 Apr 2016 11:08:11 +0200 systemd (229-4) unstable; urgency=medium * Fix assertion crash when processing a (broken) device without a sysfs path. (Closes: #819290, LP: #1560695) * Fix crash when shutdown is issued from a non-tty. (LP: #1553040) * networkd: Stay running while any non-loopback interface is up. (Closes: #819414) * Fix reading uint32 D-Bus properties on big-endian. * Fix crash if an udev device has many tags or devlinks. (LP: #1564976) * systemctl, loginctl, etc.: Don't start polkit agent when running as root. (LP: #1565617) * keymap: Add Add HP ZBook (LP: #1535219) and HP ProBook 440 G3. * systemd.resource-control.5: Fix links to cgroup documentation on kernel.org. (Closes: #819970) * Install test-udev into libudev-dev, so that we have it available for autopkgtests. * Add "udev" autopkgtest for running the upstream test/udev-test.pl. -- Martin Pitt Thu, 07 Apr 2016 08:11:10 +0200 systemd (229-3) unstable; urgency=medium [ Martin Pitt ] * debian/tests/timedated: Add tests for "timedatectl set-local-rtc". * Be more tolerant in parsing /etc/adjtime. * debian/systemd.postinst: Don't fail package installation if systemctl daemon-reload trigger fails. This does not fix the root cause of the reload failures, but at least causes fewer packages to be in a broken state after upgrade, so that a reboot or apt-get -f install have a much higher chance in succeeding. (For bugs like LP #1502097 or LP #1447654) * debian/tests/networkd: Skip test_hogplug_dhcp_ip6 when running against upstream as well. * debian/tests/boot-and-services: Wait for units to stop with a "systemctl is-active" loop instead of static sleeps. * debian/tests/networkd: Skip DHCPv6 tests for downstream packages too. This is an actual regression in networkd-229, to be investigated. But this shouldn't hold up reverse dependencies. * Fix assertion in add_random(). (LP: #1554861) * debian/tests/boot-and-services: Don't assert on "Stopped Container c1" message in NspawnTests.test_service(), this is sometimes not present. Just check that the unit did not fail. * Add "adduser" dependency to systemd-coredump, to quiesce lintian. * Bump Standards-Version to 3.9.7 (no changes necessary). * Fix timespec parsing by correctly initializing microseconds. (Closes: #818698, LP: #1559038) * networkd: Add fallback if FIONREAD is not supported. (Closes: #818488) * Cherry-pick various fixes from upstream master. - Fixes logout when changing the current target. (Closes: #805442) [ Evgeny Vereshchagin ] * debian/tests/boot-and-services: Search systemd-coredump's output by SYSLOG_IDENTIFIER. * Add missing "Recommends: btrfs-tools" to systemd-container. * Add systemd-coredump postinst/prerm to start/stop systemd-coredump.socket without a reboot. (Closes: #816767) [ Felipe Sateler ] * Set the paths of loadkeys and setfont via configure arguments, not a patch -- Martin Pitt Mon, 21 Mar 2016 14:11:44 +0100 systemd (229-2) unstable; urgency=medium * time-util: map ALARM clockids to non-ALARM clockids in now(), to work on architectures which don't support CLOCK_BOOTTIME_ALARM. Fixes FTBFS on many architectures. * debian/systemd.postinst: Add missing newline to /etc/adjtime migration. (See #699554) * debian/systemd.postinst: Only try to enable tmp.mount if we actually copied it to /etc. Don't try to enable a generated unit. (LP: #1545707) * debian/tests/boot-and-services: Increase timeouts of test_bash_crash from 5 to 10 seconds, and sync the journal after every iteration. * debian/extra/checkout-upstream: Try again after one minute if git checkout fails, to avoid failures from transient network errors. * debian/tests/systemd-fsckd: Use grub.d/50-cloudimg-settings.cfg as a template for generating our custom one instead of 90-autopkgtest.cfg. The latter does not exist on non-x86 architectures and is not relevant for this test. * debian/tests/boot-and-services: Skip journal test for test_bash_crash when running against upstream, as this currently fails most of the time. To be investigated. * debian/tests/networkd: Skip test_coldplug_dhcp_ip6 when running against upstream, as this is brittle there. To be investigated. * debian/tests/bootchart: Skip test if bootchart is not available or testing in upstream mode. bootchart got removed from master and will be moved to a separate repository. * debian/tests/boot-and-services: Show verbose journal output on failure in nspawn test, and sync journal before. * Move systemd-coredump socket and service into systemd-coredump binary package. * Revert changing the default core dump ulimit and core_pattern. This completely breaks core dumps without systemd-coredump. It's also contradicting core(8). (Closes: #815020) * Fix addresses for type "sit" tunnels. (Closes: #816132) * networkd: Go back to letting the kernel handle IPv6 router advertisements, as networkd's own currently has too many regressions. Thanks to Stefan Lippers-Hollmann for investigating this! (Closes: #814566, #814667, #815586, #815884, #815793) -- Martin Pitt Sun, 28 Feb 2016 22:16:12 +0100 systemd (229-1) unstable; urgency=medium * New upstream release 229. - Fix systemctl behaviour in chroots. (Closes: #802780) - Fix SELinux context of /run/user/$UID. (Closes: #775651) - Add option to optionally turn of color output. (Closes: #783692) - Don't git-ignore src/journal-remote/browse.html. (Closes: #805514) - Do not warn about Wants depencencies on masked units. (LP: #1543282) * debian/systemd.install: Ship the new systemd-resolve. * libsystemd0.symbols: Add new symbols from this release. * systemd-coredump.postinst: Create systemd-coredump system user. * debian/tests/systemd-fsckd: Tame overly strict test for failed plymouth unit, which is a race condition with plymouthd auto-stopping. (LP: #1543144) * Drop timedated-don-t-rely-on-usr-being-mounted-in-the-ini.patch. initramfs-tools has mounted /usr since Jessie, and tzdata now creates /etc/localtime as a symlink too (see #803144). * Use-different-default-paths-for-various-binaries.patch: Drop path changes for setcap (which is already a build dep and not used at all) and sulogin (which is now in util-linux). * Remove obsolete udev maintainer script checks: - Drop check for kernel >= 2.6.32, which released in 2009. - Drop restarting of some daemons due to the devtmpfs migration, which happened before the above kernel even. - Drop support for forcing upgrades on kernels known not to work via /etc/udev/kernel-upgrade. Don't pretend that this would help, as users could end up with a non-bootable system. Always fail early in preinst when it's still possible to install a working kernel. - Drop postinst test for "running in containers" -- it's actually possible to run udev in containers if you mount /sys r/w and you know what you are doing. Also, the init.d script and systemd service do that check again. - Keep the kernel feature and chroot checks, as these are still useful. Simplify check_kernel_features() by eliminating some variables. - Drop debconf templates. Two of them are obsolete, and having CONFIG_SYSFS_DEPRECATED is now so implausible that this doesn't warrant the overhead and translator efforts. * Drop debian/tests/ifupdown-hotplug. The units moved into ifupdown, so the test should go there too (see #814312). * debian/tests/control: Reorder tests and add a comment which ones should not be run for an upstream build. * debian/tests/control: Rearrange tests and avoid removing test dependencies to minimize testbed resets. * Add debian/extra/checkout-upstream: Script to replace the current source with a checkout of an upstream pull request, branch, or commit, and remove debian/patches/. Call from debian/rules if $TEST_UPSTREAM is set. This will be used for upstream CI. * Enable seccomp support on powerpc, ppc64el, and s390x. -- Martin Pitt Thu, 11 Feb 2016 21:02:39 +0100 systemd (228-6) unstable; urgency=medium * Make-run-lock-tmpfs-an-API-fs.patch: Drop /run/lock from tmpfiles.d/legacy.conf to avoid the latter clobbering the permissions of /run/lock. Fixes fallout from cleanup in -5 that resulted /run/lock to have 0755 permissions instead of 1777. (LP: #1541775) -- Martin Pitt Thu, 04 Feb 2016 11:46:54 +0100 systemd (228-5) unstable; urgency=medium [ Martin Pitt ] * Drop systemd-vconsole-setup.service: It has never been installed/used in Debian and is not necessary for Ubuntu any more. * Drop halt-local.service. This has never been documented/used in Debian. (LP: #1532553) * debian/extra/initramfs-tools/scripts/init-bottom/udev: Prefer "nuke" again, it comes from klibc-utils. But fall back to "rm" if it does not exist. * systemd-timesyncd.service.d/disable-with-time-daemon.conf: Also don't run if /usr/sbin/VBoxService exists, as virtualbox-guest-utils already provides time synchronization with the host. (Closes: #812522) * Drop Michael Stapelberg from Uploaders:, he stopped maintenance long ago. Thanks Michael for your great work in the past! * Replace "sysv-rc" dependency with Conflicts: openrc, file-rc. The rationale from #739679 still applies, but with the moving of {invoke,update}-rc.d to init-system-helpers we don't actually need anything from sysv-rc any more other than the assumption that SysV init scripts are enabled in /etc/rc?.d/ for the SysV generator to work (and file-rc and openrc don't do that). * debian/tests/timedated: Verify /etc/localtime symlink. Skip verifying the /etc/timezone file (which is Debian specific) if $TEST_UPSTREAM is set. * debian/tests/localed-locale: Check /etc/locale.conf if $TEST_UPSTREAM is set. * debian/tests/localed-x11-keymap: Test /etc/X11/xorg.conf.d/00-keyboard.conf if $TEST_UPSTREAM is set. * debian/tests/boot-and-services: Check for reaching graphical.target instead of default.target, as the latter is a session systemd state only. * debian/tests/boot-and-services: Skip tests which are known to fail/not applicable with testing upstream builds. * Drop Fix-up-tmpfiles.d-permissions-properly.patch: - /run/lock is already created differently by Make-run-lock-tmpfs-an-API-fs.patch, and contradicts to that. - /run/lock/lockdev/ isn't being used anywhere and got dropped upstream; backport the patch (tmpfiles-drop-run-lock-lockdev.patch). - Move dropping of "group:wheel" (which has never existed in Debian) into debian/rules, to also catch occurrences in other parts of the file which the static patch would overlook. * Shorten persistent identifier for CCW network interfaces (on s390x only). (LP: #1526808) * debian/rules: If $TEST_UPSTREAM is set (when building/testing upstream master instead of distro packages), don't fail on non-installed new files or new library symbols. * Add systemd-sysv conflict to upstart-sysv, and version the upstart conflict. This works with both Debian's and Ubuntu's upstart packages. [ Michael Biebl ] * Drop support for the /etc/udev/disabled flag file. This was a workaround for udev failing to install with debootstrap because it didn't use invoke-rc.d and therefor was not compliant with policy-rc.d. See #520742 for further details. This is no longer the case, so supporting that file only leads to confusion about its purpose. * Retrigger cleanup of org.freedesktop.machine1.conf and hwclock-save.service now that dpkg has been fixed to correctly pass the old version to postinst on upgrade. (Closes: #802545) * Only ship *.link files as part of the udev package. The *.network files are solely used by systemd-networkd and should therefor be shipped by the systemd package. (Closes: #808237) * Cherry-pick a few fixes from upstream: - Fix unaligned access in initialize_srand(). (Closes: #812928) - Don't run kmod-static-nodes.service if module list is empty. This requires kmod v23. (Closes: #810367) - Fix typo in systemctl(1). (Closes: #807462) - Fix systemd-nspawn --link-journal=host to not fail if the directory already exists. (Closes: #808222) - Fix a typo in logind-dbus.c. The polkit action is named org.freedesktop.login1.power-off, not org.freedesktop.login1.poweroff. - Don't log an EIO error in gpt-auto-generator if blkid finds something which is not a partition table. (Closes: #765586) - Apply ACLs to /var/log/journal and also set them explicitly for system.journal. * Only skip the filesystem check for /usr if the /run/initramfs/fsck-usr flag file exists. Otherwise we break booting with dracut which uses systemd inside the initramfs. (Closes: #810748) * Update the instructions in README.Debian for creating /var/log/journal. They are now in line with the documentation in the systemd-journald(8) man page and ensure that ACLs and group permissions are properly set. (Closes: #800947, #805617) * Drop "systemctl daemon-reload" from lsb init-functions hook. This is no longer necessary as invoke-rc.d and init-system-helpers take care of this nowadays. -- Martin Pitt Wed, 03 Feb 2016 10:09:46 +0100 systemd (228-4) unstable; urgency=medium * debian/udev.README.Debian: Add alternative way of disabling ifnames. (Closes: #809339) * Put back /lib/udev/hotplug.functions, until the three remaining packages that use it stop doing so. (Closes: #810114) * debian/udev.README.Debian: Point out that any change to interface naming rules requires an initrd update. -- Martin Pitt Mon, 11 Jan 2016 07:12:40 +0100 systemd (228-3) unstable; urgency=medium [ Martin Pitt ] * debian/rules: Remove temporary debug output from test failures again. All Debian buildd kernels are recent enough now, but add a check for kernels older than 3.13 and ignore test failures for those. * debian/tests/networkd: Factor out dnsmasq specific test "router" setup, so that we can test against other implementations. * debian/tests/networkd: Add router setup using an (isolated) networkd process for configuring the veths and DHCP server. * debian/tests/networkd: On failure, only show journal for current test. * systemd-networkd-resolvconf-update.service: Wait for getting a name server, not just for getting online. * debian/tests/boot-and-services: Wait until bash crash stack trace is in the journal before asserting on it. Also relax RE to work on non-x86 architectures. * debian/tests/networkd: If /etc/resolv.conf already has three nameservers, accept that too (as then the additional test one can't be added any more). * Fix FTBFS on x32. Thanks Helmut Grohne! (Closes: #805910) * debian/tests/networkd: For IPv6 tests, also wait for IPv4 address to arrive; s-n-wait-online already exits after getting an IPv6 address, but we verify both. * debian/tests/boot-and-services: Don't check for "Requesting system poweroff" log message in nspawn test, current upstream master does not write that any more. Instead check for "Stopped Container c1". * Add "storage" autopkgtest. Initially this covers some basic use cases with LUKS cryptsetup devices. * Add acl build dependency (for ). Current upstream master now needs it for some test cases. * debian/extra/initramfs-tools/scripts/init-bottom/udev: Use "rm -rf" instead of "nuke". The latter does not exist any more in current initramfs-tools. * Ignore test failures during "make check" if /etc/machine-id is missing (like in ancient local schroots). (Closes: #807884) * debian/extra/rules/80-debian-compat.rules: Remember which device got the "cdrw", "dvd", or "dvdrw" symlink to avoid changing links on device events. (Closes: #774080). Drop the rule for the "cdrom" symlink as that is already created in 60-cdrom_id.rules. * Eliminate "hotplug.functions" udev helper and put the logging functions directly into net.agent. This simplifies the migration of the latter to ifupdown. * Adjust manpages to keep /usr/lib/systemd/{user*,boot,ntp-units.d,modules*} paths, only keep /lib/systemd/{system*,network}. (Closes: #808997) * debian/udev.README.Debian: Fix typo and slight wording improvement. (Closes: #809513) * Drop net.agent, 80-networking.rules, and ifup@.service. These moved to ifupdown 0.8.5 now. Add Breaks: to earlier versions. [ Michael Biebl ] * Bump Build-Depends on libdw-dev to (>= 0.158) as per configure.ac. (Closes: #805631) * Make sure all swap units are ordered before the swap target. This avoids that swap devices are being stopped prematurely during shutdown. (Closes: #805133) * Drop unneeded /etc/X11/xinit/xinitrc.d/50-systemd-user.sh from the package and clean up the conffile on upgrades. We have the dbus-user-session package in Debian to properly enable the D-Bus user-session mode which also takes care of updating the systemd --user environment. (Closes: #795761) * Stop testing for unknown arguments in udev maintainer scripts. * Drop networking.service.d/systemd.conf. The ifupdown package now ships a proper service file so this drop-in file is no longer necessary. [ Andreas Henriksson ] * Fix LSB init hook to not reload masked services. (Closes: #804882) -- Martin Pitt Sat, 02 Jan 2016 17:42:56 +0100 systemd (228-2) unstable; urgency=medium * Remove wrong endianness conversion in test-siphash24 to fix FTBFS on big-endian machines. * Bump libseccomp-dev build dependency to indicate required versions for backporting to jessie. (Closes: #805497) -- Martin Pitt Thu, 19 Nov 2015 11:37:45 +0100 systemd (228-1) unstable; urgency=medium [ Martin Pitt ] * New upstream release: - Fix journald killing by watchdog. (Closes: #805042) - Drop check for /etc/mtab. (Closes: #802025) - Follow unit file symlinks in /usr, but not /etc when looking for [Install] data, to avoid getting confused by Aliases. (Closes: #719695) - journalctl: introduce short options for --since and --until. (Closes: #801390) - journald: Never accept fds from file systems with mandatory locking. (LP: #1514141) - Put nspawn containers in correct slice. (LP: #1455828) * Cherry-pick some networkd fixes from trunk to fix regressions from 228. * debian/rules: Configure with --as-needed to avoid unnecessary binary dependencies. * systemd-networkd-resolvconf-update.service: Increase StartLimitBurst, as this might be legitimately called several times in quick succession. If that part of the "networkd" autopkgtest fails, show the journal log for that service for easier debugging. * debian/tests/boot-and-services: Add test case for systemd-coredump. * Add systemd-coredump postinst/prerm to enable/disable this without a reboot. * debian/tests/networkd: Check for systemd-networkd-wait-online in /usr as well, for usage in other distros. * debian/tests/logind: Skip suspend test if the kernel does not support suspend. * debian/tests/logind: Split tests into functions. * debian/tests/boot-and-services: Ignore failures of console-setup.service, to work around LP: #1516591. * debian/tests/control: Restrict boot-smoke test to isolation-machine, it does not currently work well in LXC. * debian/tests/networkd: Add new test cases for "DHCP=all, IPv4 only, disabling RA" (which should always be fast), "DHCP=all, IPv4 only" (which will require a longer timeout due to waiting 12s for a potential IPv6 RA reply), and "DHCP=ipv4" (with and without RA). * debian/tests/networkd: Fix UnicodeDecodeError under 'C' locale. * debian/tests/networkd: Show networkctl and journal output on failure. * debian/tests/networkd: Fix bytes vs. string TypeError in the IPv6 polling. (LP: #1516009) * debian/tests/networkd: Show contents of test .network file on failure. * debian/tests/networkd: Skip if networkd is already running (safer when running on real systems), and add copyright header. * Bump util-linux dependencies to >= 2.27.1 to ensure that the mount monitor ignores /etc/mtab. [ Felipe Sateler ] * Enable elfutils support for getting stack traces for systemd-coredump. * libnss-my{machines,hostname}.postrm: do not remove entries from nsswitch.conf if there are packages from other architectures remaining. [ Michael Biebl ] * Drop systemd-setup-dgram-qlen.service. This has been made obsolete by upstream commit 1985486 which bumps net.unix.max_dgram_qlen to 512 early during boot. * Various cleanups to the udev maintainer scripts: - Remove unused tempdir() function. - Properly stop udev daemon on remove. - Stop killing udev daemon on failed upgrades and drop the corresponding starts from preinst. - Stop masking systemd-udevd.service and udev.service during upgrades. We restart the udev daemon in postinst, so those masks seem unnecessary. -- Martin Pitt Wed, 18 Nov 2015 16:11:59 +0100 systemd (227-3) unstable; urgency=medium [ Martin Pitt ] * debian/tests/logind: Add tests for scheduled shutdown with and without wall message. * Import upstream fix for not unmounting system mounts (#801361) and drop our revert patch. * debian/tests/boot-smoke: Apply check for failed unmounts only to user systemd processes, i. e. not to pid 1. * Drop Fix-usr-remount-failure-for-split-usr.patch. Jessie has a new enough initramfs-tools already, and this was just an error message, not breaking the boot. * Drop debian-fixup.service in favor of using a tmpfiles.d clause, which is faster. * Drop Order-remote-fs.target-after-local-fs.target.patch. It's mostly academic and only applies to the already known-broken situation that rcS init.d scripts depend on $remote_fs. * Replace reversion of sd_pid_notify_with_fds() msg_controllen fix with proper upstream fix to never block on sending messages on NOTIFY_SOCKET socket. * Drop check for missing /etc/machine-id on "make check" failure; this isn't happening on current buildds any more. * Drop Disable-tests-which-fail-on-buildds.patch, to re-evaluate what still fails and needs fixing. On failure, show kernel version and /etc/hosts to be able to debug them better. The next upload will make the necessary adjustments to fix package builds again. [ Michael Biebl ] * Drop dependency on udev from the systemd package. We don't need udev within a container, so this allows us to trim down the footprint by not installing the udev package. As the udev package has Priority: important, it is still installed by default though. * Include the status of the udev package when filing a bug report against systemd, and vice versa. * Use filter instead of findstring, since findstring also matches substrings and we only want direct matches. * systemd.bug-script: Fix typo. (Closes: #804512) * Re-add bits which call SELinux in systemd-user pam service. (Closes: #804565) [ Felipe Sateler ] * Add libnss-resolve package. (Closes: #798905) * Add systemd-coredump package. This Conflicts/Replaces/Provides a new "core-dump-handler" virtual package. (Closes: #744964) -- Martin Pitt Wed, 11 Nov 2015 15:04:26 +0100 systemd (227-2) unstable; urgency=medium * Revert "sd_pid_notify_with_fds: fix computing msg_controllen", it causes connection errors from various services on boot. (Closes: #801354) * debian/tests/boot-smoke: Check for failed unmounts. This reproduces #801361 (but not in a minimal VM, just in a desktop one). * Revert "core: add a "Requires=" dependency between units and the slices they are located in". This causes user systemd instances to try and unmount system mounts (and succeed if you login as root). (Closes: #801361) -- Martin Pitt Fri, 09 Oct 2015 12:34:27 +0200 systemd (227-1) unstable; urgency=medium * New upstream release. - Bump watchdog timeout for shipped units to 3 min. (Closes: #776460) - gpt-auto-generator: Check fstab for /boot entries. (Closes: #797326) - Fix group of RuntimeDirectory dirs. (Closes: #798391) - Support %i (and other macros) in RuntimeDirectory. (Closes: #799324) - Bump util-linux/libmount-dev dependencies to >= 2.27. * debian/libsystemd0.symbols: Add new symbols for this release. * debian/extra/initramfs-tools/hooks/udev: Copy all /etc/udev/rules.d/*.rules rules which are not merely overriding the one in /lib/, not just 70-persistent-net.rules. They might contain network names or other bits which are relevant for the initramfs. (Closes: #795494) * ifup@.service: Drop PartOf=network.target; we don't want to stop these units during shutdown. Stopping networking.service already shuts down the interfaces, but contains the safeguard for NFS or other network file systems. Isolating emergency.target still keeps working as before as well, as this also stops networking.service. (Closes: #761909, LP: #1492546) -- Martin Pitt Thu, 08 Oct 2015 11:34:35 +0200 systemd (226-4) unstable; urgency=medium * debian/tests/logind: Be more verbose on failures. * Revert networkd calling if-{up,post-down}.d/ scripts. About half of the existing hooks are not relevant or even actively detrimental when running with networkd. For the relevant ones, a lot of them should be fixed in the projects themselves (using IP_FREEBIND etc.). (Closes: #798625) * Add systemd-networkd-resolvconf-update.{path,service} units to send DNS server updates from networkd to resolvconf, if installed and enabled. * Don't restart logind on upgrades any more. This kills X.org (#798097) while logind doesn't save/restore its open fds (issue #1163), and also gets confused about being idle in between (LP: #1473800) -- Martin Pitt Fri, 02 Oct 2015 13:44:28 +0200 systemd (226-3) unstable; urgency=medium [ Martin Pitt ] * README.Debian: Fix "other" typo. Thanks Salvatore Bonaccorso. (Closes: #798737) [ Michael Biebl ] * Stop building the compat library packages and drop them for good. * Update debian/copyright. -- Michael Biebl Sat, 19 Sep 2015 19:06:51 +0200 systemd (226-2) unstable; urgency=medium * debian/udev.init: Mount /dev file system with nosuid. (LP: #1450960) * udev.postinst: udev 226 introduced predictable interface names for virtio. Create /etc/systemd/network/50-virtio-kernel-names.link on upgrade to disable this, to avoid changing e. g. "eth0" to "ens3" in QEMU instances and similar environments. (Closes: #799034) -- Martin Pitt Tue, 15 Sep 2015 15:21:09 +0200 systemd (226-1) unstable; urgency=medium [ Martin Pitt ] * New upstream release: - Fix scheduled shutdown to not shut down immediately. (Closes: #797763) - Fix description of CPE_NAME in os-release(5). (Closes: #797768) * debian/libsystemd0.symbols: Add new symbols from this release. * Enable libseccomp support for mips64, mips64el, and x32. (Closes: #797403) * debian/tests/networkd: Add hotplug tests. * Make networkd call if-up.d/ scripts when it brings up interfaces, to become compatible with ifupdown and NetworkManager for packages shipping hooks. (LP: #1492129) - Add debian/extra/systemd-networkd-dispatcher.c: suid root wrapper for calling if-up.d/ or if-post-down.d/ hook scripts. Install it as root:systemd-networkd 4754 so that only networkd can run it. - Add networkd-call-systemd-networkd-dispatcher-when-links.patch: Call the above wrapper when links go up/down. - debian/tests/networkd: Verify that if-up.d/ and if-post-down.d/ scripts get run for a networkd managed interface. - Note that if-pre-up.d/ and if-down.d/ scripts are *not* being called, as they are often not applicable for networkd (if-pre-up.d) and unreliable (if-down.d). * Drop udev-finish. We needed this for the autogenerated CD and network interface names, but both are gone now. * Drop debian/udev.udev-fallback-graphics.upstart. The vesafb module has been compiled into the kernel in both Debian and Ubuntu for a fair while, this never had a systemd equivalent, and Debian never shipped the accompanying rules for determining $PRIMARY_DEVICE_FOR_DISPLAY. * debian/control: Remove some boilerplate from the long descriptions, to more easily get to the point what a specific package actually does. * debian/README.Debian: As systemd is the default init now, replace the documentation how to switch to systemd with how to switch back (temporarily or permanently) to SysV init. Also move that paragraph to the bottom as it's now less important. * debian/README.Debian: Add a hint why you may want to enable persistent journal, and suggest to uninstall system-log-daemon to avoid duplicate logging. * debian/README.Debian: Add documentation about networkd integration. * Rename 01-mac-for-usb.link to 90-mac-for-usb.link so that it becomes easier to override. * debian-fixup.service just has one purpose now (make /etc/mtab a symlink), so drop the debian/extra/debian-fixup shell script and put the ln command directly into debian-fixup.service. Update the description. * debian/tests/networkd: Check that /etc/resolv.conf gets the DHCP's nameserver in case it is a symlink (i. e. dynamically managed by systemd-resolved or resolvconf). * systemd-networkd-dispatcher: Also pass on the DNS server list to if-up.d/ as $IF_DNS_NAMESERVERS, so that resolvconf or similar programs work as expected. * Drop debian/systemd-journal-remote.postrm: Removing system users is potentially dangerous (there might be a leftover process after purging). [ Michael Biebl ] * Drop libsystemd-login-dev. All reverse dependencies have been updated to use libsystemd-dev directly. * Update build instructions to use "gbp clone" instead of "gbp-clone" as all gbp-* commands have been removed from git-buildpackage. -- Martin Pitt Thu, 10 Sep 2015 16:53:53 +0200 systemd (225-1) unstable; urgency=medium [ Martin Pitt ] * New upstream release. - Fixes FTBFS on alpha. (Closes: #792551) - Fixes machined state tracking logic. (Closes: #788269) * Add better fix for "systemctl link/enable" breakage with full paths. (LP: #1480310) * debian/rules: Add missing $(dh_options) in overridden debhelper targets. [ Felipe Sateler ] * Move conffile from systemd to systemd-container package (Closes: #797048) [ Michael Biebl ] * Drop unnecessary Conflicts/Replaces from systemd-journal-remote. None of the files in this package were previously shipped by systemd. * Create system users for systemd-journal-{gateway,remote,upload} when installing the systemd-journal-remote package. * Explicitly turn off the features we don't want in a stage1 build. Otherwise ./configure might enable them automatically if the build dependencies are installed and "dh_install --fail-missing" will then fail due to uninstalled files. * Enable GnuTLS support as systemd-journal-remote makes sense mostly with encryption enabled. * Rely on build profiles to determine which packages should be skipped during build and no longer specify that manually. * Drop our patch which removes rc-local-generator. rc-local.service acts as an ordering barrier even if its condition is false, because conditions are evaluated when the service is about to be started, not when it is enqueued. We don't want this ordering barrier on systems that don't need/use /etc/rc.local. -- Michael Biebl Sun, 30 Aug 2015 21:18:59 +0200 systemd (224-2) unstable; urgency=medium [ Martin Pitt ] * Skip systemd-fsckd autopkgtest if /run/initramfs/fsck-root exists, i. e. the initramfs already ran fsck. * Fix broken ACL in tmpfiles.d/systemd.conf. (Closes: #794645, LP: #1480552) * Add debian/tests/unit-config: Test "systemctl link"; reproduces LP#1480310. * Add a hack to unbreak "systemctl link". (LP: #1480310) * debian/extra/rules-ubuntu/40-hyperv-hotadd.rules: Also apply to Xen, and rename to 40-vm-hotadd.rules. * Fix networkd crash. (Closes: #796358) * debian/rules: Remove all files/empty dirs in systemd which are already shipped by systemd-* or udev, instead of an explicit list. * Bump "mount" dependency to >= 2.26, to ensure "swapon -o" availability. (Closes: #796389) * Install /lib/systemd/network/* into udev instead of systemd, as it's really udev which is evaluating these. * Split out "systemd-container" package with machined and nspawn and enable importd. Add new libbz2-dev, zlib1g-dev, and libcurl-dev build deps. (LP: #1448900) * Move transitional libgcrypt11-dev build dep to libgcrypt20-dev. * debian/rules: Limit check for libraries in /usr to systemd and udev packages, as other packages like systemd-containers can (and do) link to /usr. * Build-depend on dpkg-dev (>= 1.17.14) and bump debhelper version for build profiles support. * Drop "display-managers" autopkgtest, obsolete with dropped default-display-manager-generator. * boot-and-services autopkgtest: Add systemd-container test dependency for the nspawn tests. * Don't enable audit support when building with "stage1" profile, to avoid circular build dep. [ Helmut Grohne ] * Improve support for cross-building and bootstrapping. [ Michael Biebl ] * Drop default-display-manager-generator. All major desktops now use a display manager which support the new scheme and setup the /etc/systemd/system/display-manager.service symlink correctly. * Add new binary package "systemd-journal-remote" with tools for sending/receiving remote journal logs: systemd-journal-{remote,upload,gatewayd}. (Closes: #742802, LP: #1480952) -- Martin Pitt Tue, 25 Aug 2015 12:40:35 +0200 systemd (224-1) unstable; urgency=medium * New upstream release. * boot-and-services autopkgtest: Ignore thermald. Since 1.4.3-2 it starts by default, but fails in most virtual envs. -- Martin Pitt Sat, 01 Aug 2015 13:38:57 +0200 systemd (223-2) unstable; urgency=medium * Don't enable gnu-efi on ARM. It FTBFSes and cannot really be tested now as there is no available hardware. * debian/extra/initramfs-tools/hooks/udev: Don't fail if /etc/systemd/network/ does not exist. (Closes: #794050) -- Martin Pitt Thu, 30 Jul 2015 08:25:51 +0200 systemd (223-1) unstable; urgency=medium * New upstream release: - Fix systemd-bootchart crash. (Closes: #792403) - Trim list of files in /usr/share/doc/systemd/. (Closes: #791839) - Fix "Invalid argument" failure with some journal files. (Closes: #792090) - tmpfiles: Don't recursively descend into journal directories in /var. (Closes: #791897) - Don't frequently wake up on disabled TimeoutIdleSec=, in particular in automount timers. (LP: #1470845) - tmpfiles: Don't delete lost+found/. (Closes: #788193) [ Michael Biebl ] * udev: Remove obsolete rm_conffile/mv_conffile functions from udev.preinst. The udev package is using dpkg-maintscripts-helper now to remove obsolete conffiles. * systemd: Remove obsolete conffile clean up from pre-wheezy. * udev-udeb: Remove scsi_wait_scan hack from the start-udev script as well. [ Martin Pitt ] * Enable GNU EFI support and add gnu-efi build dep. This enables/ships the systemd EFI boot loader. (Closes: #787720, LP: #1472283) * networkd autopkgtest: More robust/forceful killing of dnsmasq. * ifup@.service: Drop "oneshot" to run ifup in the background during boot. This avoids blocking network.target on boot with unavailable hotplug interfaces in /etc/network/interfaces. (Closes: #790669, LP: #1425376) * systemd.postinst: Avoid confusing error message about /run/systemd/was-enabled not existing on reconfiguring. * debian/extra/initramfs-tools/hooks/udev: Drop some redundant code. * Fix networkd-wait-online -i to properly wait for the given interfaces only. * Drop debian/extra/base-installer.d/05udev: We use net.ifnames by default now, thus we don't need to copy 70-persistent-*.rules any more. * debian/extra/start-udev: Run d-i's udevd with "notice" log level, just like we did in the initramfs in 219-10. * Fix size explosion of networkd (post-223 patch from trunk). [ Julian Wollrath ] * Copy all .link interface naming definitions to initramfs. (Closes: #793374) [ Felipe Sateler ] * nss-my*.postinst: configure at the end of the hosts line, not before files. (Closes: #789006) -- Martin Pitt Thu, 30 Jul 2015 00:02:26 +0200 systemd (222-2) unstable; urgency=medium [ Adam Conrad ] * debian/udev-udeb.install: Install new bits for net.ifnames (LP: #1473542) * debian/extra/initramfs-tools/hooks/udev: Do the same for initramfs-tools. [ Martin Pitt ] * emergency.service: Wait for plymouth to shut down. Fixes invisible emergency shell with plymouth running endlessly. (LP: #1471258) * Add "networkd" autopkgtest. Covers basic DHCP on IPv4 and IPv4+6 on a veth device. [ Michael Biebl ] * Bump package priorities of systemd and systemd-sysv to important to match what has been used in the Debian archive since Jessie. * Drop scsi_wait_scan hack from the udev initramfs-tools script. This Linux kernel module has been broken since 2.6.30 and as a result was removed in 3.5. The Debian Jessie kernel no longer ships this module. (Closes: #752775) * Drop libsystemd-journald-dev and libsystemd-id128-dev. There are no reverse dependencies left and we want to avoid new packages picking up a build dependency on those obsolete transitional packages. -- Michael Biebl Wed, 15 Jul 2015 23:51:15 +0200 systemd (222-1) unstable; urgency=medium [ Martin Pitt ] * New upstream release: - Fix reload killing BusName= units. (Closes: #746151) - sysv-generator: detect invalid names and escape them. (Closes: #677075) - Document removal of PIDFile on daemon shutdown. (Closes: #734006) - Drop Revert-rules-fix-tests-for-removable-state.patch, the auto-suspend rules now got dropped entirely. * Add Revert-VT-reuse-patches.patch: Revert a couple of logind VT reuse patches which alternately broke lightdm and gdm. * debian/libsystemd0.symbols: Add new symbols from this release. * Disable test-netlink during package build, fails on some buildds. * udev.postinst: Don't call addgroup with --quiet, so that if the "input" group already exists as a non-system group you get a sensible error message. Some broken tutorials forget the --system option. (Closes: #769948, LP: #1455956) * systemd.postinst: Drop the --quiet from the addgroup calls as well, same reason as above. (Closes: #762275) * udev: Drop doc dir symlinking. It has caused too much trouble and only marginally helps to avoid duplication. Such duplication should be dealt with at the distro, not package level. * debian/rules: Entirely ignore $LD_PRELOAD instead of just libfakeroot in the link check, to also avoid libeatmydata. (Closes: #790546) * boot-and-services, display-managers autopkgtests: Install and configure dummy X.org driver, so that these work in headless machines/VMs. * systemd-fsckd autopkgtest: Stop using/asserting on lightdm, just check that default.target is active. lightdm is prone to fail in test environments, and fiddling with it in two other autopkgtests is sufficient. * debian/watch: Adjust to new upstream release model of only providing the github tag tarballs. * Drop dsl-modem.agent. It hasn't been maintained/tested for many years, few if any people actually use this, and this doesn't belong into udev. [ Michael Biebl ] * Stop building the Python 3 bindings. They were split into a separate source package upstream and are now built from src:python-systemd. See http://lists.freedesktop.org/archives/systemd-devel/2015-July/033443.html * Remove obsolete --disable-chkconfig configure option. * Move the man pages for libnss-myhostname, libnss-mymachines and udev.conf from systemd into the correct package. Move the zsh completion file for udevadm into the udev package as well. Add Breaks/Replaces accordingly. (Closes: #790879) * Drop rules which remove pre-generated files before build. The upstream tarball no longer ships any pre-generated files so this is no longer necessary. * Fix cleanup rule for Python byte code files. -- Michael Biebl Wed, 08 Jul 2015 18:56:07 +0200 systemd (221-1) unstable; urgency=medium * New upstream release 221: - Fix persistent storage links for Xen devices. (LP: #1467151) - Drop all backported patches and port the others to new upstream release. - debian/rules: Drop workarounds for broken 220 tarball, 221 is fine. [ Michael Biebl ] * initramfs hook: Stop installing 55-dm.rules, 64-md-raid.rules, 60-persistent-storage-lvm.rules and 60-persistent-storage-dm.rules. The mdadm, lvm2 and dmsetup package provide their own udev hooks nowadays to make sure their udev rules files are installed into the initramfs. Having the copy rules at two places is confusing and makes debugging harder. * Make it possible to skip building udeb packages via DEB_BUILD_OPTIONS="noudeb". This allows quicker builds for local testing and is benefical for derivatives that don't use d-i. * Install API documentation for libudev and libsystemd in their respective packages. Both libraries use man pages now, so we need to be explicit about what is installed where. [ Martin Pitt ] * ifupdown-hotplug autopkgtest: Different cloud/desktop environments have different ways of including /etc/network/interfaces.d/, try to get along wit either and skip the test if interfaces.d/ does not get included at all. * Drop obsolete gtk-doc-tools build dependency, gtkdocize autoreconfig, and ./configure options. * libudev-dev.install: Drop gtk-doc files, not built by upstream any more and replaced with manpages. * libsystemd0.symbols: Add new symbols for this release. * debian/rules: Fix paths in manpages as we don't currently have a merged /usr in Debian but have most systemd things in /lib. This replaces the previous huge and maintenance-intense patch. * Drop Accept-mountall-specific-fstab-options.patch. Replaced with systemd.postinst migration code in Ubuntu. * Revert overly aggressive USB autosuspend udev rules change which broke various USB keyboards. (Closes: #789723) * Have rc-local.service output also go to the console. /etc/rc.local often contains status messages which users expect to see during boot. (LP: #1468102) * debian/rules: Install udev.NEWS into libudev1, to get along with Debian's udev -> libudev1 doc dir symlinking. (Closes: #790042) -- Martin Pitt Sun, 28 Jun 2015 12:05:36 +0200 systemd (220-7) unstable; urgency=medium [ Michael Biebl ] * Enable seccomp support on arm64 as well. * Replace the remainder of Fix-paths-in-man-pages.patch with an upstream provided patch. [ Martin Pitt ] * Switch to net.ifnames persistent network interfaces (on new installations/for new hardware), and deprecate the old 75-persistent-net-generator.rules. See the ML discussion for details: https://lists.debian.org/debian-devel/2015/05/msg00170.html https://lists.debian.org/debian-devel/2015/06/msg00018.html - Drop Make-net.ifnames-opt-in-instead-of-opt-out.patch, to use net.ifnames by default. - Revert-udev-network-device-renaming-immediately-give.patch: Adjust patch comment. - Drop 75-persistent-net-generator.rules, write_net_rules helper and rule_generator.functions. - Adjust udev's README.Debian accordingly, and describe the migration. This needs to happen manually as there is no robust way of doing this automatically. - Add udev NEWS file for announcing this change and pointing to udev's README. - udev.postinst: Drop write_interfaces_rules(). - udev.postinst: Disable net.ifnames on systems which did not support 75-persistent-net-generator.rules (most importantly, virtualized guests) to avoid changing network interface names on upgrade. - LP: #1454254 * fsckd-daemon-for-inter-fsckd-communication.patch: Add fsckd.c to POTFILES.in. * ifupdown-hotplug autopkgtest: Fix config name in interfaces.d/, it must not have a suffix in Debian. Also clean up the file after the test. * net.agent: When running under systemd, run everything in the foreground. This avoids killing the forked child in the middle of its operation under systemd when the parent exits. * Check during build that systemd and systemd-journald don't link against anything in /usr, to prevent bugs like #771652 and #788913 in the future. * Drop Skip-99-systemd.rules-when-not-running-systemd-as-in.patch. The rules mostly just attach tags systemd specific properties which are harmless under other init systems, and systemd-sysctl also works there. * 80-networking.rules: Only call agents for add|remove, as they don't handle other events. * Restore udev watches on block device changes. (Closes: #789060, LP: #1466081) -- Martin Pitt Wed, 17 Jun 2015 22:48:53 +0200 systemd (220-6) unstable; urgency=medium * Enable seccomp support on the architectures that provide libseccomp. (Closes: #760299) * boot-and-services autopkgtest: Add SeccompTest for the above. * boot-and-services autopkgtest: Check that we don't get an unwanted tmp.mount unless /etc/fstab explicitly specifies it. * Bump libcap-dev build dep to the version that provides libcap2-udeb. (Closes: #787542) * Stop installing tmp.mount by default; there are still situations where it becomes active through dependencies from other units, which is surprising, hides existing data in /tmp during runtime, and it isn't safe to have a tmpfs /tmp on every install scenario. (Closes: #783509) - d/rules: Ship tmp.mount in /usr/share/systemd/ instead of /lib/systemd/systemd. - systemd.postinst: When tmp.mount already was enabled, install tmp.mount into /etc and keep it enabled. - systemd.postinst: When enabling tmp.mount because of RAMTMP=yes, copy it from /usr/share. - Drop Don-t-mount-tmp-as-tmpfs-by-default.patch and PrivateTmp-shouldn-t-require-tmpfs.patch, not necessary any more. -- Martin Pitt Thu, 11 Jun 2015 09:25:49 +0200 systemd (220-5) unstable; urgency=medium * debian/README.source: Upstream repository moved to github, adjust cherry-picking instructions accordingly. * debian/control: Replace obsolete Python2 version header with X-Python3-Version. * dracut: Fix path to systemd-fsck. (Closes: #787553) * Ignore test failures during build if /etc/machine-id is missing (which is the case in a few buildd chroots still). (Closes: #787258) * debian/udev.README.Debian: Move network interface hotplug documentation into separate section. Point out that "lo" does not need to be configured in ifupdown under systemd. * debian/udev.README.Debian: Document net.ifnames, and how to write udev rules for custom network names. * Add debian/extra/01-mac-for-usb.link: Use MAC based names for network interfaces which are (directly or indirectly) on USB. Path based names are inadequate for dynamic buses like USB. * Fix another escape parsing regression in Exec*= lines. (Closes: #787256) * Disable EFI support for udeb build. * Refine detection of touch screen devices. -- Martin Pitt Sun, 07 Jun 2015 16:52:33 +0200 systemd (220-4) unstable; urgency=medium [ Martin Pitt ] * debian/extra/initramfs-tools/scripts/init-top/udev: Drop $ROOTDELAY wait. This does not concern udev in particular, but is handled by initramfs-tools itself (scripts/local). The intention of this parameter is not to statically wait for the given time, but wait *up to* that time for the root device to appear. * Add debian/extra/units/rc-local.service.d/wait-online.conf: Make rc-local.service wait for network-online.target (if it gets started). This not specified by LSB, but has been behaving that way in Debian under SysV init and upstart. (LP: #1451797) * Fix parsing of escape characters in Exec*= lines. (Closes: #787256) * Drop path_is_mount_point-handle-false-positive-on-some-fs.patch (it was already not applied in 220-1). This needs to be re-thought and re-done against the current code, and overlayfs in general. On overlayfs this still reports false positives for files that changed in the upperdir, but this does not break systemd-machine-id-commit any more. * Add debian/extra/rules/80-debian-compat.rules, replacing three of our patches. These are independent udev rules to change device permissions and add CD/DVD symlinks for compatibility with earlier Debian releases. [ Michael Biebl ] * Bump Depends on util-linux to make sure we have a sulogin implementation which properly cleans up its children when emergency.service is restarted. (Closes: #784238) * Stop using /sbin/udevd and drop the compat symlink. * Remove any vestiges of /dev/.udev/. This directory has been replaced by /run/udev/ since wheezy. * Drop udev migration code from pre-wheezy. -- Martin Pitt Tue, 02 Jun 2015 08:16:36 +0200 systemd (220-3) unstable; urgency=medium * Fix ProtectSystem=yes to actually protect /usr, not /home. (Closes: #787343) * sd-device: fix device_get_properties_strv(). Fixes environment for processes spawned by udev, in particular "allow-hoplug" ifupdown interfaces via ifup@.service. (Closes: #787263) * Ignore test failures on mipsel; the three failures are not reproducible on the porter box (different kernel?). (See #787258) * Add ifupdown-hotplug autopkgtest. Reproduces #787263. * udev: Bring back persistent storage symlinks for bcache. Thanks David Mohr! (Closes: #787367) * sd-device: Fix invalid property strv pointers. This unbreaks the environment of udev callouts. -- Martin Pitt Mon, 01 Jun 2015 12:58:20 +0200 systemd (220-2) unstable; urgency=low * 220-1 was meant to go to experimental, but was accidentally uploaded to unstable. This was planned for next week anyway, just not on a Friday; we don't revert, but keep an RC bug open for a few days to get broader testing. Reupload 220-1 with its changelog actually pointing to unstable and with all versions in the .changes. -- Martin Pitt Fri, 29 May 2015 18:54:09 +0200 systemd (220-1) unstable; urgency=medium [ Martin Pitt ] * New upstream release: - Ship sdio.ids and ids-update.pl in upstream tarball. (Closes: #780650) - Drop non-working "journalctl /dev/sda" example from manpage (Closes: #781604) - man systemd.network: Explain UseDomains a bit more (not used by default). (Closes: #766413) - Ignore comments in /etc/hostname (LP: #1053048) - Drop all backported patches and port the others to new upstream release. * Cherry-pick patch to fix udevd --daemon assertion regression. * Cherry-pick patch to fix udevd worker hang. * systemd.install: systemd.pc moved back into /usr/share/pkgconfig/. * libsystemd0.symbols: Add new symbols from this release. * Drop debian/extra/60-keyboard.hwdb for now. Upstream has a newer version, and it's not nearly as often updated any more as it used to be. * debian/rules: Remove shipped audit_type-to-name.h and keyboard-keys-from-name.gperf and regenerate them during build (bug in upstream 220 tarball). * autopkgtest: Ship/use mock fsck from debian/tests, as it's missing in the 220 tarball. * Add libnss-mymachines binary package. (Closes: #784858) * Add libnss-myhostname binary package, taking over from the very old and unmaintained standalone source package as per its maintainer's request. (Closes: #760514) * Drop buildsys-Don-t-default-to-gold-as-the-linker.patch and set LD in debian/rules on sparc only. This can be dropped entirely once we build GUdev from a separate source. * bootchart autopkgtest: Skip test if /proc/schedstat does not exist, i. e. the kernel is missing CONFIG_SCHEDSTAT. Bootchart requires this. * systemd-fsckd autopkgtest: On Debian plymouth-start stays running, adjust was_running() for that. * systemd-fsckd autopkgtest: In test_systemd_fsck_with_plymouth_failure(), fix plymouthd status check to work under both Debian and Ubuntu. * Replace almost all of Fix-paths-in-man-pages.patch with upstreamed patches. (The remainder is planned to get fixed upstream as well.) * Remove our update-rc.d patches, replace them with upstream patches for /lib/systemd/systemd-sysv-install abstraction, and provide one for update-rc.d. Also implement "is-enabled" command by directly checking for the presence of rcS or rc5 symlinks. (Closes: #760616) * Fix path_is_mount_point for files (regression in 220). * debian/control: Drop obsolete XS-Testsuite:, dpkg adds it automatically. * Use Ubuntu's default NTP server for timesyncd when building on Ubuntu. [ Michael Biebl ] * Remove /var/run and /var/lock migration code from debian-fixup. The /run migration was completed in wheezy so this is no longer necessary. * Drop our versioned Depends on initscripts. This was initially added for the /run migration and later to ensure we have a mountnfs hook which doesn't cause a deadlock under systemd. The /run migration was completed in wheezy and jessie ships a fixed mountnfs hook. In addition we now use the ignore-dependencies job mode in our lsb init-functions hook, so it's safe to drop this dependency. * Stop building gudev packages. Upstream has moved the gudev code into a separate repository which is now managed on gnome.org. The gudev packages will be built from src:libgudev from now on. See also http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html -- Martin Pitt Fri, 29 May 2015 10:37:40 +0200 systemd (219-10) experimental; urgency=medium * Fix assertion crash with empty Exec*= paths. (LP: #1454173) * Drop Avoid-reload-and-re-start-requests-during-early-boot.patch and Avoid-reloading-services-when-shutting-down.patch: This was fixed more robustly in invoke-rc.d and service now, see #777113. * debian/tests/boot-smoke: Allow 10 seconds for systemd jobs to settle down. * Fix "tentative" state of devices which are not in /dev (mostly in containers), and avoid overzealous cleanup unmounting of mounts from them. (LP: #1444402) * debian/extra/udev-helpers/net.agent: Eliminate cat and most grep calls. * Drop Set-default-polling-interval-on-removable-devices-as.patch; it's long obsolete, CD ejection with the hardware button works properly without it. * Re-enable-journal-forwarding-to-syslog.patch: Update patch description, journal.conf.d/ exists now. * journal: Gracefully handle failure to bind to audit socket, which is known to fail in namespaces (containers) with current kernels. Also conditionalize systemd-journald-audit.socket on CAP_AUDIT_READ. (LP: #1457054) * Put back *.agent scripts and use net.agent in Ubuntu. This fixes escaping of unit names, reduces the delta, and will make it easier to get a common solution for integrating ifup.d/ scripts with networkd. * When booting with "quiet", run the initramfs' udevd with "notice" log level. (LP: #1432171) * Add sigpwr-container-shutdown.service: Power off when receiving SIGPWR in a container. This makes lxc-stop work for systemd containers. (LP: #1457321) * write_net_rules: Escape '{' and '}' characters as well, to make this work with busybox grep. Thanks Faidon Liambotis! (Closes: #765577) -- Martin Pitt Thu, 21 May 2015 09:43:52 +0200 systemd (219-9) experimental; urgency=medium * 75-persistent-net-generator.rules: Fix rules for ibmveth (it's a driver, not a subsystem). (LP: #1437375) * debian/tests/unit-config: Add tests for systemctl enable/disable on a SysV-only unit. Reproduces LP #1447807. * Fix systemctl enable for SysV scripts without a native unit. We must not try and enable the nonexisting unit then. (LP: #1447807) * Drop Add-env-variable-for-machine-ID-path.patch. systemd should always be installed via the essential "init" in buildd schroots now. * debian/README.source: Update git-buildpackage commands for the renames in 0.6.24. * Make apparmor run before networking, to ensure that profiles apply to e. g. dhclient (LP: #1438249): - Rename networking.service.d/network-pre.conf to systemd.conf, and add After=apparmor.service. - ifup@.service: Add After=apparmor.service. - Add Breaks: on apparmor << 2.9.2-1, which dropped its dependency to $remote_fs. * Drop login-don-t-overmount-run-user-UID-on-upgrades.patch and login-don-t-overmount-run-user-UID-on-upgrades.patch, these were only needed for upgrades from wheezy to jessie. * systemd.{pre,post}inst: Clean up obsolete (pre-wheezy/jessie) upgrade fixes. * systemd-fsckd autopkgtest: Stop assuming that /etc/default/grub.d/90-autopkgtest.cfg exists. * systemd-fsckd autopkgtest: Add missing plymouth test dependency. * Drop core-mount-ensure-that-we-parse-proc-self-mountinfo.patch, and bump util-linux dependency to the version which enables --enable-libmount-force-mountinfo. -- Martin Pitt Wed, 13 May 2015 12:27:21 +0200 systemd (219-8) experimental; urgency=medium [ Michael Biebl ] * Skip filesystem check if already done by the initramfs. (Closes: #782522) * Drop hard-coded versioned dependency on libapparmor1. Bump the Build-Depends on libapparmor-dev instead. This ensures a proper versioned dependency via Build-Depends-Package. * Revert "Make apparmor run before networking". This causes dependency cycles while apparmor still depends on $remote_fs. * Cleanup hwclock-save.service symlinks when upgrading from the jessie version. [ Martin Pitt ] * cryptsetup: Implement offset and skip options. (Closes: #751707, LP: #953875) * logind autopkgtest: Add test for suspending on lid switch close. This reproduces LP #1444166 (lid switch not working in the first few minutes after boot). * Reduce the initial suspend supression time from 3 minutes to 30 seconds, and make it configurable. (LP: #1444166) * Fix double free crash in "systemctl enable" when calling update-rc.d and the latter fails. (Closes: #764613, LP: #1426588) * hwdb: Fix wireless switch on Dell Latitude (LP: #1441849) * Fix assertion crash when reading a service file with missing ' and trailing space. (LP: #1447243) * ifup@.service: Set IgnoreOnIsolate, so that "systemctl default" does not shut down network interfaces. (Closes: #762953, LP: #1449380). Add PartOf=network.target, so that stopping network.target also stops network interfaces (so that isolating emergency.target and similar work as before). * Revert upstream commit 743970d which immediately SIGKILLs units during shutdown. This leads to problems like bash not being able to write its history, mosh not saving its state, and similar failed cleanup actions. (Closes: #784720, LP: #1448259) * Drop the reversion of "journald: allow restarting journald without losing stream connections", and replace with proper upstream fix for sd_pid_notify_with_fds(). (See Debian #778970, LP #1423811; LP: #1437896) -- Martin Pitt Wed, 29 Apr 2015 17:13:41 +0200 systemd (219-7) experimental; urgency=medium [ Martin Pitt ] * Make systemd-sysv's dependency to systemd unversioned. The package just contains 6 symlinks and thus isn't sensitive at all against version mismatches. This avoids running into circular dependencies when testing local debs. * Revert "udev: Drop hwdb-update dependency" and replace with upstream patch which moves it to systemd-udev-trigger.service. * display-managers autopkgtest: Properly wait until all jobs are finished. * display-managers autopkgtest: Reset failed units between tests, to avoid running into restart limits and for better test isolation. * Enable timesyncd in virtual machines. (Closes: #762343) [ Adam Conrad ] * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload when init scripts are installed or removed (Closes: #766429) [ Didier Roche ] * Squash all fsckd patches in one (as fsckd and such will be removed soon upstream), containing various fixes from upstream git and refactor the connection flow to upstream's suggestion. Modify the man pages to match those modifications as well. Amongst others, this suppresses "Couldn't connect to plymouth" errors if plymouth is not running. (Closes: #782265, LP: #1429171) * Keep plymouth localized messages in a separate patch for easier updates in the future and refresh to latest upstream. * display-managers autopkgtest: Use ExecStart=sleep instead of the actual lightdm binary, to avoid errors from lightdm startup. Drop the now unnecessary "needs-recommends" to speed up the test. -- Martin Pitt Fri, 10 Apr 2015 11:08:33 +0200 systemd (219-6) experimental; urgency=medium [ Martin Pitt ] * Import patches from v219-stable branch (up to 85a6fab). * boot-and-services autopkgtest: Add missing python3 test dependency. * Make apparmor run before networking, to ensure that profiles apply to e. g. dhclient (LP: #1438249): - Rename networking.service.d/network-pre.conf to systemd.conf, and add After=apparmor.service. - ifup@.service: Add After=apparmor.service. * udev: Drop hwdb-update dependency, which got introduced by the above v219-stable branch. This causes udev and plymouth to start too late and isn't really needed in Debian yet as we don't support stateless systems yet and handle hwdb.bin updates through dpkg triggers. (LP: #1439301) [ Didier Roche ] * Fix mount point detection on overlayfs and similar file systems without name_to_handle_at() and st_dev support. (LP: #1411140) [ Christian Seiler ] * Make the journald to syslog forwarding more robust by increasing the maximum datagram queue length from 10 to 512. (Closes: #762700) [ Marco d'Itri ] * Avoid writing duplicate entries in 70-persistent-net.rules by double checking if the new udev rule has already been written for the given interface. This happens if multiple add events are generated before the write_net_rules script returns and udevd renames the interface. (Closes: #765577) -- Martin Pitt Thu, 02 Apr 2015 09:14:48 +0200 systemd (219-5) experimental; urgency=medium [ Didier Roche ] * Add "systemd-fsckd" autopkgtest. (LP: #1427312) * cmdline-upstart-boot autopkgtest: Update to Ubuntu's upstart-sysv split (test gets skipped on Debian while upstart-sysv does not yet exist there). * Cherry-pick a couple of upstream commits for adding transient state, fixing a race where mounts become available before the device being available. * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds an After relationship. (Closes: #779902) [ Martin Pitt ] * journald: Suppress expected cases of "Failed to set file attributes" errors. (LP: #1427899) * Add systemd-sysv.postinst: Update grub on first installation, so that the alternative init system boot entries get updated. * debian/tests: Call /tmp/autopkgtest-reboot, to work with autopkgtest >= 3.11.1. * Check for correct architecture identifiers for SuperH. (Closes: #779710) * Fix tmpfiles.d to only apply the first match again (regression in 219). (LP: #1428540) * /lib/lsb/init-functions.d/40-systemd: Don't ignore systemd unit dependencies in "degraded" mode. (LP: #1429734) [ Michael Biebl ] * debian/udev.init: Recognize '!' flag with static device lists, to work with kmod 20. (Closes: #780263) [ Craig Magina ] * rules-ubuntu/71-power-switch-proliant.rules: Add support for HP ProLiant m400 Server Cartridge soft powerdown on Linux 3.16. (LP: #1428811) [ Scott Wakeling ] * Rework package description to be more accurate. (Closes: #740372) -- Martin Pitt Thu, 26 Mar 2015 16:31:04 +0100 systemd (219-4) experimental; urgency=medium * tmpfiles: Avoid creating duplicate ACL entries. Add postinst code to clean them up on upgrade. (Closes: #778656) * bootchart: Fix path to default init. (LP: #1423867) * Add "bootchart" autopkgtest, to spot regressions like the above. * autopkgtests: Factorize out "assert.sh" utility functions, and use them in the tests for useful failure messages. * Downgrade requirement for timedated, hostnamed, localed-locale, and logind autopkgtests from machine to container isolation. * boot-and-services and display-manager autopkgtest: Add systemd-sysv as proper test dependency instead of apt-get installing it. This works now also under Ubuntu 15.04. * boot-and-services autopkgtest: Check cleanup of temporary files during boot. Reproduces #779169. * Clean up /tmp/ directory again. (Closes: #779169, LP: #1424992) -- Martin Pitt Fri, 27 Feb 2015 07:02:09 +0100 systemd (219-3) experimental; urgency=medium * sysv-generator: fix wrong "Overwriting existing symlink" warnings. (Closes: #778700) * Add systemd-fsckd multiplexer and feed its output to plymouth. This provides an aggregate progress report of running file system checks and also allows cancelling them with ^C, in both text mode and Plymouth. (Closes: #775093, #758902; LP: #1316796) * Revert "journald: allow restarting journald without losing stream connections". This was a new feature in 219, but currently causes boot failures due to logind and other services not starting up properly. (Closes: #778970; LP: #1423811) * Add "boot-smoke" autopkgtest: Test 20 successful reboots in a row, and that there are no connection timeouts or stalled jobs. This reproduces the above regression. * debian/tests/localed-locale: Set up locale and keyboard default files on a minimal unconfigured testbed. * Add missing python3 test dependency to cmdline-upstart-boot and display-managers autopkgtests. * debian/tests/boot-and-services: Skip AppArmor test if AppArmor is not enabled. * debian/tests/boot-and-services: Reboot also if lightdm was just installed but isn't running yet. -- Martin Pitt Mon, 23 Feb 2015 09:52:12 +0100 systemd (219-2) experimental; urgency=medium * Fix UTF-16 to UTF-8 conversion on big-endian machines. (Closes: #778654) * Disable new new test-sigbus, it fails on some buildds due to too old kernels. (part of #778654) * debian/README.Debian, debian/systemd.postinst: Drop setfacl call for /var/log/journal, this is now done automatically by tmpfiles.d/systemd.conf. * Drop "acl" dependency, not necessary any more with the above. * debian/tests/boot-and-services: Move to using /var/lib/machines/, /var/lib/containers is deprecated. -- Martin Pitt Wed, 18 Feb 2015 15:29:42 +0100 systemd (219-1) experimental; urgency=medium [ Martin Pitt ] * New upstream release: - Fix spelling mistake in systemd.unit(5). (Closes: #773302) - Fix timeouts with D-Bus, leading to SIGFPE. (Closes: #774012) - Fix load/save of multiple rfkill states. (Closes: #759489) - Non-persistent journal (/run/log/journal) is now readable by group adm. (Closes: #771980) - Read netdev user mount option to correctly order network mounts after network.target. (Closes: #769186) - Fix 60-keyboard.hwdb documentation and whitespace handling. (Closes: #757367) - Fix ThinkPad X1 Carbon 20BT trackpad buttons (LP: #1414930) - Drop all backported patches and port the others to new upstream release. * Bump libblkid-dev build dependency as per upstream configure.ac. * debian/systemd.install: Add new language-fallback-map file. * debian/udev.install: Add new systemd-hwdb tool. * debian/libsystemd0.symbols: Add new symbols from this release. * tmpfiles.d/systemd.conf: Drop "wheel" ACL (that group does not exist in Debian) to make the ACL for "adm" actually work. * debian/rules: Explicitly disable importd for now; it should still mature a bit. Explicitly enable hwdb support. * /lib/lsb/init-functions.d/40-systemd: Call systemctl is-system-running with --quiet. (LP: #1421058) * debian/systemd.postrm: Clean getty@tty1.service and remote-fs.target enablement symlinks on purge. (Closes: #778499) * Move all Debian specific units in the systemd package into debian/extra/units/ and simplify debian/systemd.install. * Enable timesyncd by default. Add a config drop-in to not start if ntp, openntpd, or chrony is installed. (Closes: #755722) * debian/systemd.links: Drop obsolete hwclockfirst.service mask link, this was dropped in wheezy's util-linux already. * debian/udev.postinst: Call systemd-hwdb instead of udevadm hwdb. [ Michael Biebl ] * Stop removing firstboot man pages. They are now installed conditionally. -- Martin Pitt Tue, 17 Feb 2015 15:51:38 +0100 systemd (218-10) experimental; urgency=medium * Pull latest keymaps from upstream git. (LP: #1334968, #1409721) * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids kernel buffer I/O errors and timeouts. (LP: #1333140) * Clean up stale mounts when ejecting CD drives with the hardware eject button. (LP: #1168742) * Document systemctl --failed option. (Closes: #767267) * Quiesce confusing and irrelevant "failed to reset devices.list" warning. (LP: #1413193) * When booting with systemd-bootchart, default to run systemd rather than /sbin/init (which might not be systemd). (LP: #1417059) * boot-and-services autopkgtest: Add CgroupsTest to check cgroup creation/cleanup behaviour. This reproduces #777601 and verifies the fix for it. -- Martin Pitt Fri, 13 Feb 2015 12:25:06 +0100 systemd (218-9) experimental; urgency=medium [ Martin Pitt ] * debian/tests/logind: With dropped systemd-logind-launch we don't have a visible /sys/fs/cgroup/systemd/ any more under cgmanager. So adjust the test to check /proc/self/cgroup instead. * Add unit-config autopkgtest to check systemd unit/sysv init enabling and disabling via systemctl. This also reproduces #777613. * systemctl: Always install/enable/disable native units, even if there is a corresponding SysV script and we call update-rc.d; while the latter handles WantedBy=, it does not handle Alias=. (Closes: #777613) * cgroup: Don't trim cgroup trees created by someone else, just the ones that systemd itself created. This avoids cleaning up empty cgroups from e.g. LXC. (Closes: #777601) * Don't parse /etc/mtab for current mounts, but /proc/self/mountinfo. If the former is a file, it's most likely outdated on boot, leading to race conditions and unmounts during boot. (LP: #1419623) [ Michael Biebl ] * Explicitly disable the features we don't want to build for those with autodetection. This ensures reliable build results in dirty build environments. * Disable AppArmor support in the udeb build. * core: Don't fail to run services in --user instances if $HOME is missing. (Closes: #759320) [ Didier Roche ] * default-display-manager-generator: Avoid unnecessary /dev/null symlink and warning if there is no display-manager.service unit. -- Michael Biebl Thu, 12 Feb 2015 18:45:12 +0100 systemd (218-8) experimental; urgency=medium [ Martin Pitt ] * boot-and-services autopkgtest: Ensure that there are no failed units, except possibly systemd-modules-load.service (as that notoriously fails with cruft in /etc/modules). * Revert "input" system group creation in systemd.postinst from 218-7. It's already done in udev.postinst. * ifup@.service: Revert checking for existance of ifupdown config for that interface, net.agent already does that. * Drop Also-redirect-to-update-rc.d-when-not-using-.service.patch; not necessary any more with the current version (mangle_names() already takes care of this). * Merge into Add-support-for-rcS.d-init-scripts-to-the-sysv-gener.patch: - Do-not-order-rcS.d-services-after-local-fs.target-if.patch, as it partially reverts the above, and is just fixing it. - Map-rcS.d-init-script-dependencies-to-their-systemd-.patch as it's just adding some missing functionality for the same purpose. * Merge Run-update-rc.d-defaults-before-update-rc.d-enable-d.patch into Make-systemctl-enable-disable-call-update-rc.d-for-s.patch as the former is fixing the latter and is not an independent change. * Drop Launch-logind-via-a-shell-wrapper.patch and systemd-logind-launch wrapper. The only remaining thing that we need from it is to create /run/systemd/, move that into the D-BUS service file directly. * /lib/lsb/init-functions.d/40-systemd: Avoid deadlocks during bootup and shutdown. DHCP/ifupdown and similar hooks which call "/etc/init.d/foo reload" can easily cause deadlocks, since the synchronous wait plus systemd's normal behaviour of transactionally processing all dependencies first easily causes dependency loops. Thus during boot/shutdown operate only on the unit and not on its dependencies, just like SysV behaves. (Closes: #777115, LP: #1417010) * Only start logind if dbus is installed. This fixes the noisy startup failure in environments without dbus, such as LXC containers or servers. (part of #772700) * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if dbus is not installed, and hence logind cannot auto-start them on demand. (Closes: #772700) [ Michael Biebl ] * Update insserv-generator and map $x-display-manager to display-manager.service, following the recent change in sysv-generator. This avoids creating references to a no longer existing x-display-manager.target unit. -- Martin Pitt Mon, 09 Feb 2015 18:07:22 +0100 systemd (218-7) experimental; urgency=medium [ Martin Pitt ] * Don't attempt to mount the same swap partition twice through different device node aliases. (Closes: #772182, LP: #1399595) * logind: handle closing sessions over daemon restarts. (Closes: #759515, LP: #1415104) * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release after log out actually work. * debian/rules: Drop obsolete --disable-multi-seat-x and --with-firmware-path configure options. * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or described in manpages. Only keep the Debian specific bits. (Part of #776546) * Actually install udev's README.Debian when building for Debian. (Closes: #776546) * Create system group "input" which was introduced in 215. (LP: #1414409) * ifup@.service: Don't fail if the interface is not configured in /etc/network/interfaces at all. (LP: #1414426) [ Michael Biebl ] * Update Vcs-Browser URL to use cgit and https. * Map $x-display-manager LSB facility to display-manager.service instead of making it a target. Using a target had the downside that multiple display managers could hook into it at the same time which could lead to several failed start attempts for the non-default display manager. -- Martin Pitt Sun, 01 Feb 2015 20:48:49 +0100 systemd (218-6) experimental; urgency=medium [ Martin Pitt ] * initramfs hook: Install 61-persistent-storage-android.rules if it exists. * Generate POT file during package build, for translators. * Pull latest keymaps from upstream git. * Order ifup@.service and networking.service after network-pre.target. (Closes: #766938) * Tone down "Network interface NamePolicy= disabled on kernel commandline, ignoring" info message to debug, as we expect this while we disable net.ifnames by default. (Closes: #762101, LP: #1411992) [ Michael Biebl ] * Ship bash-completion for udevadm. (Closes: #776166) * Drop rc-local generator in favor of statically enabling rc-local.service, and drop halt-local.service which is unnecessary on Debian. (Closes: #776170) * Drop the obsolete libsystemd-* libraries, there are no reverse dependencies left. -- Martin Pitt Mon, 26 Jan 2015 15:45:45 +0100 systemd (218-5) experimental; urgency=medium * Drop logger.agent. It hasn't been called from any udev rule for a long time, and looks obsolete. * debian/rules: Configure with --disable-firstboot to replace some manual file removals. * debian/rules: Remove manual file installation, move them to debian/*.install. Move all Debian specific installed files to debian/extra/. * Merge some changes from the Ubuntu package to reduce the delta; these only apply when building on/for Ubuntu: - Add 40-hyperv-hotadd.rules: Workaround for LP: #1233466. - Add 61-persistent-storage-android.rules to create persistent symlinks for partitions with PARTNAME. By Ricardo Salveti. - Add 71-power-switch-proliant.rules for supporting the power switches of ProLiant Server Cartridges. By Dann Frazier. - Add 78-graphics-card.rules: Mark KMS capable graphics devices as PRIMARY_DEVICE_FOR_DISPLAY so that we can wait for those in plymouth. By Scott James Remnant. - Don't install the Debian *.agent scripts. Instead, have Ubuntu's 80-networking.rules directly pull in ifup@.service, which is much easier and more efficient. * Make EPERM/EACCESS when applying OOM adjustment for forked processes non-fatal. This happens in user namespaces like unprivileged LXC containers. * Fix assertion failure due to /dev/urandom being unmounted when shutting down unprivileged containers. Thanks Stéphane Graber. * Enable EFI support. This mostly auto-mounts /sys/firmware/efi/efivars, but also provides a generator for auto-detecting the root and the /boot/efi partition if they aren't in /etc/fstab. (Closes: #773533) -- Martin Pitt Thu, 22 Jan 2015 16:13:46 +0100 systemd (218-4) experimental; urgency=medium [ Michael Biebl ] * sysv-generator: handle Provides: for non-virtual facility names. (Closes: #774335) * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr isn't mounted yet. This happens with initramfs-tools < 0.118 which we might not get into Jessie any more. (Closes: #742048) [ Martin Pitt ] * fstab-generator: Handle mountall's non-standard "nobootwait" and "optional" options. ("bootwait" is already the systemd default behaviour, and "showthrough" is irrelevant here, so both can be ignored). * Add autopkgtest for one-time boot with upstart when systemd-sysv is installed. This test only works under Ubuntu which has a split out upstart-bin package, and will be skipped under Debian. * debian/ifup@.service: Check if ifup succeeds by calling ifquery, to work around ifup not failing on invalid interfaces (see #773539) * debian/ifup@.service: Set proper service type (oneshot). * sysv-generator: Handle .sh suffixes when translating Provides:. (Closes: #775889) * sysv-generator: Make real units overwrite symlinks generated by Provides: from other units. Fixes failures due to presence of backup or old init.d scripts. (Closes: #775404) * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN. (Closes: #775067) * Re-enable AppArmor support, now that libapparmor1 moved to /lib. Add versioned dependency as long as this is still only in experimental. (Closes: #775331) * Add some missing dpkg and ucf temp files to the "hidden file" filter, to e. g. avoid creating units for them through the sysv-generator. (Closes: #775903) * Silence useless warning about /etc/localtime not being a symlink. This is deliberate in Debian with /usr (possibly) being on a separate partition. (LP: #1409594) [ Christian Kastner ] * Use common-session-noninteractive in systemd-user's PAM config, instead of common-session. The latter can include PAM modules like libpam-mount which expect to be called just once and/or interactively, which already happens for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as it's not included in -noninteractive, but is always required (and idempotent). There is no net change on systemd which don't use manually installed PAM modules. (Closes: #739676) [ Michael Biebl ] * Make sure we run debian-fixup.service after /var has been mounted if /var is on a separate partition. Otherwise we might end up creating the /var/lock and /var/run symlink in the underlying root filesystem. (Closes: #768644) -- Martin Pitt Wed, 21 Jan 2015 15:57:50 +0100 systemd (218-3) experimental; urgency=medium * build-logind autopkgtest: Re-enforce that sd_login_monitor_new() succeeds, and restrict this test to isolation-container. (Reproduces LP #1400203) * Bring back patch to make sd_login_monitor_new() work under other init systems where /sys/fs/cgroup/systemd/machine does not exist. (LP: #1400203) * build-login autopkgtest: Build against libsystemd, not libsystemd-login any more. * Add debian/extra/systemd-vconsole-setup.service dependency shim for the console-setup init script, to avoid breaking dependencies of third-party packages. Install it for Ubuntu only for now, as in Debian plymouth's unit got adjusted. (LP: #1392970, Debian #755194) * Mark systemd{,-sysv} as M-A: foreign (thanks lintian). * Quiesce maintainer-script-calls-systemctl lintian warning. * Quiesce possibly-insecure-handling-of-tmp-files lintian warning, it's wrong there (we are handling tmpfiles.d/ files which are not in a temp dir). * Use dh_installinit's --noscript instead of --no-start for the upstart jobs without sysvinit scripts (thanks lintian). * Put systemd.pc into arch specific pkgconfig dir, as it contains the arch specific libdir value. * Don't enable audit by default. It causes flooding of dmesg and syslog, suppressing actually important messages. (Closes: #773528) * Cherrypick various bug fixes in loopback device setup and netlink socket communication. Fixes massive CPU usage due to tight retry loops in user LXC containers. -- Martin Pitt Mon, 29 Dec 2014 14:55:35 +0100 systemd (218-2) experimental; urgency=medium * boot-and-services AppArmor autopkgtest: Stop checking the dmesg log; it is racy as sometimes message bursts are suppressed. * Fix crash in timedatectl with Etc/UTC. * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong copy&paste'd comment, fix log strings. Thanks Adam D. Barratt. * boot-and-services: Robustify Nspawn tests, and show systemd-nspawn output on failure. * Disable tests which fail on buildds, presumably due to too old kernels, misconfigured /etc/hosts, and similar problems. Make failures of the test suite fatal now. -- Martin Pitt Tue, 16 Dec 2014 08:24:38 +0100 systemd (218-1) experimental; urgency=medium * New upstream release. Drop all cherry-picked patches and port the Debian specific ones. - Create /etc/machine-id on boot if missing. (LP: #1387090) * Add new libmount-dev build dependency. * Configure with --enable-split-usr. * Merge some permanent Ubuntu changes, using dpkg-vendor: - Don't symlink udev doc directories. - Add epoch to gudev packages; Ubuntu packaged the standalone gudev before it got merged into udev. - Add Apport hooks for udev and systemd. * udev-fallback-graphics upstart job: Guard the modprobe with || true to avoid a failure when vesafb is compiled in. (LP: #1367241) -- Martin Pitt Sun, 14 Dec 2014 13:58:39 +0100 systemd (217-4) experimental; urgency=medium [ Martin Pitt ] * Reinstate a debian/extra/rules/50-firmware.rules which immediately tells the kernel that userspace firmware loading failed. Otherwise it tries for a minute to call the userspace helper (if CONFIG_FW_LOADER_USER_HELPER is enabled) in vain, which causes long delays with devices which have a range of possible firmware versions. (LP: #1398458) * debian/systemd.postinst: Don't always restart journald, as this currently can't be done without losing the current journal and breaking attached processes. So only restart it from upgrades < 215-3 (where the socket location got moved) as an one-time upgrade path from wheezy. (Closes: #771122) * Revert "Modify insserv generator to mask sysvinit-only display managers". This is still under dispute, a bit risky, and might get a different implementation. Also, nodm really needs to be fixed properly, working around it is both too risky and also too hard to get right. [ Didier Roche ] * Add display managers autopkgtests. * Reset display-manager symlink to match /e/X/d-d-m even if display-manager.service was removed. Adapt the autopkgtests for it. (LP: #1400680) -- Martin Pitt Thu, 11 Dec 2014 18:06:54 +0200 systemd (217-3) experimental; urgency=medium [ Martin Pitt ] * systemd.bug-script: Really capture stderr of systemd-delta. (Closes: #771498) * boot-and-services autopkgtest: Give test apparmor job some time to actually finish. [ Didier Roche ] * updated debian/patches/insserv.conf-generator.patch: - if /etc/X11/default-display-manager doesn't match a systemd unit (or doesn't exist), be less agressive about what to mask: we let all sysvinit-only display-manager units enabled to fallback to previous behavior and let them starting. (Closes: #771739) -- Martin Pitt Tue, 02 Dec 2014 16:53:36 +0100 systemd (217-2) experimental; urgency=medium * Re-enable journal forwarding to syslog, until Debian's sysloggers can/do all read from the journal directly. * Fix hostnamectl exit code on success. * Fix "diff failed with error code 1" spew with systemd-delta. (Closes: #771397) * Re-enable systemd-resolved. This wasn't meant to break the entire networkd, just disable the new NSS module. Remove that one manually instead. (Closes: #771423, LP: #1397361) * Import v217-stable patches (up to commit bfb4c47 from 2014-11-07). * Disable AppArmor again. This first requires moving libapparmor to /lib (see #771667). (Closes: #771652) * systemd.bug-script: Capture stderr of systemd-{delta,analyze}. (Closes: #771498) -- Martin Pitt Mon, 01 Dec 2014 15:09:09 +0100 systemd (217-1) experimental; urgency=medium [ Martin Pitt ] * New upstream release. Drop all cherry-picked patches and port the Debian specific ones. * Disable systemd-resolved for now. It still needs to mature, and integration into Debian should be discussed first. * Bump util-linux dependency to >= 2.25 as per NEWS. * Drop installation of 50-firmware.rules, not shipped upstream any more. Firmware loading is now exclusively done by the kernel. * Drop installation of readahead related services and code, readahead got dropped in this version. * Ship new networkctl CLI tool. * debian/libsystemd0.symbols: Add new symbols from this release. * debian/rules: Call dpkg-gensymbols with -c4 to immediately spot changed/missing symbols during build. * boot-and-services autopkgtest: Test AppArmor confined units (LP #1396270) * Create new "systemd-journal-remote" system group, for systemd-tmpfiles-setup.service. [ Marc Deslauriers ] * Build-depend on libapparmor-dev to enable AppArmor support. (LP: #1396270) [ Didier Roche ] * Handle display-manager transitions: (Closes: #748668) - Add a generator to ensure /etc/X11/default-display-manager is controlling which display-manager is started. - Modify insserv generator to mask of sysvinit-only dms with insserv $x-display-manager tag if they don't match /etc/X11/default-display-manager. This avoids starting multiple dms at boot. * Cherry-pick Shared-add-readlink_value.patch as using that function in the generator. -- Martin Pitt Fri, 28 Nov 2014 10:53:58 +0100 systemd (215-18) unstable; urgency=medium [ Michael Biebl ] * manager: Pass correct errno to strerror(), have_ask_password contains negative error values which have to be negated when being passed to strerror(). [ Martin Pitt ] * Revert upstream commit 743970d which immediately SIGKILLs units during shutdown. This leads to problems like bash not being able to write its history, mosh not saving its state, and similar failed cleanup actions. (Closes: #784720, LP: #1448259) * write_net_rules: Escape '{' and '}' characters as well, to make this work with busybox grep. Thanks Faidon Liambotis! (Closes: #765577) -- Martin Pitt Thu, 21 May 2015 15:49:30 +0200 systemd (215-17) unstable; urgency=high * cryptsetup: Implement offset and skip options. (Closes: #751707, LP: #953875) -- Martin Pitt Thu, 16 Apr 2015 10:26:46 -0500 systemd (215-16) unstable; urgency=medium [ Christian Seiler ] * Don't run hwclock-save.service in containers. (Closes: #782377) [ Michael Biebl ] * Do not print anything while passwords are being queried. This should make password prompts without plymouth more usable. (Closes: #765013) * Skip filesystem check if already done by the initramfs. (Closes: #782522) -- Michael Biebl Mon, 13 Apr 2015 19:42:32 +0200 systemd (215-15) unstable; urgency=medium [ Adam Conrad ] * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload when init scripts are installed or removed (Closes: #766429) [ Martin Pitt ] * Fix getty restart loop when PTS device is gone. (Closes: #780711) * Run timesyncd in virtual machines. (Closes: #762343) * Make logind work in environments without CAP_SYS_ADMIN (mostly containers). Thanks Christian Seiler for the backporting! (Closes: #778608) * Check for correct signatures when setting properties. Fixes systemd getting stuck on trying to set invalid property types. (Closes: #781602) -- Martin Pitt Thu, 09 Apr 2015 10:12:37 +0200 systemd (215-14) unstable; urgency=medium [ Michael Biebl ] * Map $x-display-manager LSB facility to display-manager.service instead of making it a target. Using a target had the downside that multiple display managers could hook into it at the same time which could lead to several failed start attempts for the non-default display manager. * Update insserv-generator and map $x-display-manager to display-manager.service, following the recent change in sysv-generator. This avoids creating references to a no longer existing x-display-manager.target unit. * Cherry-pick upstream fix to increase the SendBuffer of /dev/log to 8M. [ Martin Pitt ] * scope: Make attachment of initial PIDs more robust. Fixes crash with processes that get started by an init.d script with a different (aliased) name when the cgroup becomes empty. (Closes: #781210) * boot-and-services, display-managers autopkgtests: Add missing python3 test dependency. * Don't attempt to mount the same swap partition twice through different device node aliases. (Closes: #772182, LP: #1399595) [ Christian Seiler ] * Make the journald to syslog forwarding more robust by increasing the maximum datagram queue length from 10 to 512. (Closes: #762700) [ Marco d'Itri ] * Avoid writing duplicate entries in 70-persistent-net.rules by double checking if the new udev rule has already been written for the given interface. This happens if multiple add events are generated before the write_net_rules script returns and udevd renames the interface. (Closes: #765577) -- Michael Biebl Mon, 30 Mar 2015 13:26:52 +0200 systemd (215-13) unstable; urgency=medium [ Martin Pitt ] * Add hwclock-save.service to sync the system clock to the hardware clock on shutdown, to provide monotonic time for reboots. (Note: this is a hack for jessie; the next Debian release will enable timesyncd by default). (Closes: #755722) * Check for correct architecture identifiers for SuperH. (Closes: #779710) * networkd: Fix stopping v4 dhcpclient when the carrier is lost. Thanks Christos Trochalakis! (Closes: #779571) * Fix segfault with units that depend on themselves. (Closes: #780675) * tmpfiles-setup-dev: Call tmpfiles with --boot to allow unsafe device creation. Fixes creation of static device nodes with kmod 20. (Closes: #780263) [ Christian Seiler ] * core: Don't migrate PIDs for units that may contain subcgroups. This stops messing up lxc/libvirt/other custom cgroup layouts after daemon-reload. (Closes: #777164) * sysv-generator: add support for /etc/insserv/overrides. (Closes: #759001) [ Michael Biebl ] * debian/udev.init: Recognize '!' flag with static device lists, to work with kmod 20. (Closes: #780263) [ Didier Roche ] * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds an After relationship. (Closes: #779902) -- Martin Pitt Thu, 26 Mar 2015 14:23:35 +0100 systemd (215-12) unstable; urgency=medium [ Martin Pitt ] * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or described in manpages. Only keep the Debian specific bits. (Part of #776546) * Actually install udev's README.Debian when building for Debian. (Closes: #776546) * Only start logind if dbus is installed. This fixes the noisy startup failure in environments without dbus such as LXC containers or servers. (part of #772700) * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if dbus is not installed, and hence logind cannot auto-start them on demand. (Closes: #772700) * Add unit-config autopkgtest to check systemd unit/sysv init enabling and disabling via systemctl. This avoids bugs like #777613 (did not affect unstable). * cgroup: Don't trim cgroup trees created by someone else, just the ones that systemd itself created. This avoids cleaning up empty cgroups from e.g. LXC. (Closes: #777601) * boot-and-services autopkgtest: Add CgroupsTest to check cgroup creation/cleanup behaviour. This reproduces #777601 and verifies the fix for it. * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids kernel buffer I/O errors and timeouts. (LP: #1333140) * Document systemctl --failed option. (Closes: #767267) [ Michael Biebl ] * core: Don't fail to run services in --user instances if $HOME is missing. (Closes: #759320) [ Didier Roche ] * default-display-manager-generator: Avoid unnecessary /dev/null symlink and warning if there is no display-manager.service unit. -- Martin Pitt Fri, 13 Feb 2015 12:08:31 +0100 systemd (215-11) unstable; urgency=medium [ Martin Pitt ] * escape-beef-up-new-systemd-escape-tool.patch: Avoid creating a dangling symlink, to work around regression in recent patch (see #776257). * Order ifup@.service and networking.service after network-pre.target. (Closes: #766938) * Tone down "Network interface NamePolicy= disabled on kernel commandline, ignoring" info message to debug, as we expect this while we disable net.ifnames by default. (Closes: #762101, LP: #1411992) * logind: handle closing sessions over daemon restarts. (Closes: #759515, LP: #1415104) * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release after log out actually work. * debian/patches/series: Move upstreamed patches into the appropriate section. [ Michael Biebl ] * Make sure we run debian-fixup.service after /var has been mounted if /var is on a separate partition. Otherwise we might end up creating the /var/lock and /var/run symlink in the underlying root filesystem. (Closes: #768644) -- Martin Pitt Thu, 29 Jan 2015 09:01:54 +0100 systemd (215-10) unstable; urgency=medium [ Martin Pitt ] * sysv-generator: Handle .sh suffixes when translating Provides:. (Closes: #775889) * sysv-generator: Make real units overwrite symlinks generated by Provides: from other units. Fixes failures due to presence of backup or old init.d scripts. (Closes: #775404) * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN. (Closes: #775067) [ Christian Kastner ] * Use common-session-noninteractive in systemd-user's PAM config, instead of common-session. The latter can include PAM modules like libpam-mount which expect to be called just once and/or interactively, which already happens for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as it's not included in -noninteractive, but is always required (and idempotent). There is no net change on systemd which don't use manually installed PAM modules. (Closes: #739676) -- Martin Pitt Wed, 21 Jan 2015 13:18:05 +0100 systemd (215-9) unstable; urgency=medium [ Didier Roche ] * Add display managers autopkgtests. * Reset display-manager symlink to match /e/X/d-d-m even if display-manager.service was removed. Adapt the autopkgtests for it. [ Martin Pitt ] * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong copy&paste'd comment, fix log strings. Thanks Adam D. Barratt. * Log all members of cyclic dependencies (loops) even with quiet on the kernel cmdline. (Closes: #770504) * Don't auto-clean PrivateTmp dir in /var/tmp; in Debian we don't want to clean /var/tmp/ automatically. (Closes: #773313) [ Michael Biebl ] * sysv-generator: handle Provides: for non-virtual facility names. (Closes: #774335) * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr isn't mounted yet. This happens with initramfs-tools < 0.118 which we might not get into Jessie any more. (Closes: #742048) -- Martin Pitt Tue, 13 Jan 2015 11:24:43 +0100 systemd (215-8) unstable; urgency=medium [ Didier Roche ] * Cherry-pick shared-add-readlink_value.patch, we will use that function in the generator. * Cherry-pick util-allow-strappenda-to-take-any-number-of-args.patch, we will use that function in the generator. * Handle multiple display managers which don't ship a systemd unit or the corresponding postinst logic for updating display-manager.service: Add a generator to ensure /etc/X11/default-display-manager is controlling which display-manager is started. (Closes: #771287) [ Sjoerd Simons ] * d/p/core-Fix-bind-error-message.patch: + Added. Fix error message on bind failure to print the full path * d/p/core-Make-binding-notify-private-dbus-socket-more-ro.patch: + Added. Be more robust when binding private unix sockets (Based on current upstream logic) (Closes: #761306) [ Martin Pitt ] * Clean up ...journal~ files from unclean shutdowns. (Closes: #771707) * debian/systemd.postinst: Don't always restart journald, as this currently can't be done without losing the current journal and breaking attached processes. So only restart it from upgrades < 215-3 (where the socket location got moved) as an one-time upgrade path from wheezy. (Closes: #771122) * journalctl: Fix help text for --until. (Closes: #766598) * Bump systemd's udev dependency to >= 208-8, so that on partial upgrades we make sure that the udev package has appropriate Breaks:. In particular, this avoids installing current udev with kmod << 14. (Closes: #771726) [ Michael Biebl ] * systemd.postinst: Move unit enablement after restarting systemd, so that we don't fail to enable units with keywords that wheezy's systemd does not understand yet. Fixes enabling getty units on wheezy upgrades with systemd. (Closes: #771204) -- Martin Pitt Fri, 05 Dec 2014 10:01:24 +0100 systemd (215-7) unstable; urgency=medium [ Martin Pitt ] * Add myself to Uploaders. * Add boot-and-services autopkgtest: Check booting with systemd-sysv and that the most crucial services behave as expected. * logind autopkgtest: Fix stderr output in waiting loop for scsi_debug. * Add nspawn test to boot-and-services autopkgtest. * Make systemd-nspawn@.service work out of the box: (Closes: #770275) - Pre-create /var/lib/container with a secure mode (0700) via tmpfiles.d. - Add new try-{guest,host} modes for --link-journal to silently skip setting up the guest journal if the host has no persistent journal. - Extend boot-and-services autopkgtest to cover systemd-nspawn@.service. * Cherry-pick upstream patch to fix SELinux unit access check (regression in 215). * sysv-generator: Avoid wrong dependencies for failing units. Thanks to Michael Biebl for the patch! (Closes: #771118) * Cherry-pick patches to recognize and respect the "discard" mount option for swap devices. Thanks to Aurelien Jarno for finding and testing! (Closes: #769734) [ Jon Severinsson] * Add /run/shm -> /dev/shm symlink in debian/tmpfiles.d/debian.conf. This avoids breakage in Jessie for packages which still refer to /run/shm, and while https://wiki.debian.org/ReleaseGoals/RunDirectory is still official. (LP: #1320534, Closes: #674755). -- Martin Pitt Fri, 28 Nov 2014 06:43:15 +0100 systemd (215-6) unstable; urgency=medium [ Martin Pitt ] * Cherry-pick upstream patch to fix udev crash in link_config_get(). * Cherry-pick upstream patch to fix tests in limited schroot environments. * Add d/p/Add-env-variable-for-machine-ID-path.patch: Allow specifying an alternate /etc/machine-id location. This is necessary for running tests as long as it isn't in our base images (see Debian #745876) * Run tests during package build. For the first round don't make them fatal for now (that will happen once we see results from all the architectures). * Drop our Check-for-kmod-binary.patch as the upstream patch units-conditionalize-static-device-node-logic-on-CAP.patch supersedes it. * Drop Use-comment-systemd.-syntax-in-systemd.mount-man-pag.patch, as our util-linux is now recent enough. Bump dependency to >= 2.21. * Adjust timedated and hostnamed autopkgtests to current upstream version. * Replace our Debian hwdb.bin location patch with what got committed upstream. Run hwdb update with the new --usr option to keep current behaviour. * debian/README.Debian: Document how to debug boot or shutdown problems with the debug shell. (Closes: #766039) * Skip-99-systemd.rules-when-not-running-systemd-as-in.patch: Call path_id under all init systems, to get consistent ID_PATH attributes. This is required so that tools like systemd-rfkill can be used with SysVinit or upstart scripts, too. (LP: #1387282) * Switch libpam-systemd dependencies to prefer systemd-shim over systemd-sysv, to implement the CTTE decision #746578. This is a no-op on systems which already have systemd-sysv installed, but will prevent installing that on upgrades. (Closes: #769747) * Remove Tollef from Uploaders: as per his request. Thanks Tollef for all you work! * net.agent: Properly close stdout/err FDs, to avoid long hangs during udev settle. Thanks to Ben Hutchings! (Closes: #754987) * Bump Standards-Version to 3.9.6 (no changes necessary). [ Didier Roche ] * debian/ifup@.service: add a ConditionPath on /run/network, to avoid failing the unit if /etc/init.d/networking is disabled. (Closes: #769528) -- Martin Pitt Tue, 18 Nov 2014 12:37:22 +0100 systemd (215-5) unstable; urgency=medium [ Martin Pitt ] * Unblacklist hyperv_fb again, it is needed for graphical support on Hyper-V platforms. Thanks Andy Whitcroft! (LP: #1359933) * Bump systemd-shim Depends/Breaks to 8-2 to ensure a lockstep upgrade. (Closes: #761947) [ Sjoerd Simons ] * d/p/sd-bus-Accept-no-sender-as-the-destination-field.patch + Fix compatibility between systemctl v215 and v208. Resolves issue when reloads of services is requested before systemd is re-execed (Closes: #762146) [ Michael Biebl ] * Don't overmount existing /run/user/ directories with a per-user tmpfs on upgrades. (Closes: #762041) * Re-enable mount propagation for udevd. This avoids that broken software like laptop-mode-tools, which runs mount from within udev rules, causes the root file system to end up read-only. (Closes: #762018) -- Michael Biebl Sat, 27 Sep 2014 17:49:47 +0200 systemd (215-4) unstable; urgency=medium * Upload to unstable. -- Michael Biebl Mon, 15 Sep 2014 17:38:30 +0200 systemd (215-3) experimental; urgency=medium [ Ben Howard ] * 75-persistent-net-generator.rules: Fix matches of HyperV. (LP: #1361272) [ Martin Pitt ] * 75-persistent-net-generator.rules: Add new MS Azure MAC prefix 00:25:ae. (LP: #1367883) [ Michael Biebl ] * Update upstream v215-stable patch series. * The /dev/log socket and /dev/initctl FIFO have been moved to /run and replaced by symlinks. Create the symlinks manually on upgrades as well. (Closes: #761340) * Fix incorrect paths in man pages. (LP: #1357782, Closes: #717491) * Make systemd recommend dbus so it is installed on upgrades. The dbus system bus is required to run systemd-logind and the autovt feature relies on logind. (Closes: #758111) * Bump dependency on systemd-shim to (>= 7-2) to ensure we have a version which supports systemd >= 209. * Rework bug-script to be more upfront about what kind of data is gathered and ask the user for permission before attaching the information to the bug report. (Closes: #756248) [ Sjoerd Simons ] * d/p/buildsys-Don-t-default-to-gold-as-the-linker.patch + Don't explicitly pick gold as the default linker. Fixes FTBFS on sparc (Closes: #760879) -- Sjoerd Simons Sun, 14 Sep 2014 20:14:49 +0200 systemd (215-2) experimental; urgency=medium * debian/patches/always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch + Added. Fix checking of system endianness. Fixes FTBFS on powerpc * debian/patches/timesyncd-when-we-don-t-know-anything-about-the-netw.patch: + Let timesyncd go online even if networkd isn't running (from upstream git) (Closes: #760087) * debian/rules: add systemd-update-utmp-runlevel.service to {poweroff, rescue, multi-user, graphical, reboot}.target.wants to trigger the runlevel target to be loaded -- Sjoerd Simons Sun, 07 Sep 2014 23:46:02 +0200 systemd (215-1) experimental; urgency=medium * New upstream release. * Import upstream v215-stable patch series. * Rebase remaining Debian patches on top of v215-stable. * Drop our Debian-specific run-user.mount unit as upstream now creates a per-user tmpfs via logind. * Don't rely on new mount from experimental for now and re-add the patch which updates the documentation accordingly. * Cherry-pick upstream fix to use correct versions for the new symbols that were introduced in libudev. * Update symbols files - Add two new symbols for libudev1. - Remove private symbol from libgudev-1.0-0. This symbol was never part of the public API and not used anywhere so we don't need a soname bump. * Cherry-pick upstream commit to not install busname units if kdbus support is disabled. * Make /run/lock tmpfs an API fs so it is available during early boot. (Closes: #751392) * Install new systemd-path and systemd-escape binaries. * Cherry-pick upstream commit which fixes the references to the systemctl man page. (Closes: #760613) * Use the new systemd-escape utility to properly escape the network interface name when starting an ifup@.service instance for hotplugged network interfaces. Make sure a recent enough systemd version is installed by bumping the versioned Breaks accordingly. (Closes: #747044) * Order ifup@.service after networking.service so we don't need to setup the runtime directory ourselves and we have a defined point during boot when hotplugged network interfaces are started. * Disable factory-reset feature and remove files associated with it. This feature needs more integration work first before it can be enabled in Debian. * Cherry-pick upstream commit to fix ProtectSystem=full and make the ProtectSystem= option consider /bin, /sbin, /lib and /lib64 (if it exists) on Debian systems. (Closes: #759689) * Use adduser in quiet mode when creating the system users/groups to avoid warning messages about the missing home directories. Those are created dynamically during runtime. (Closes: #759175) * Set the gecos field when creating the system users. * Add systemd-bus-proxy system user so systemd-bus-proxyd can properly drop its privileges. * Re-exec systemd and restart services at the end of postinst. * Cherry-pick upstream commit for sd-journal to properly convert object->size on big endian which fixes a crash in journalctl --list-boots. (Closes: #758392) -- Michael Biebl Sun, 07 Sep 2014 09:58:48 +0200 systemd (214-1) experimental; urgency=medium * New upstream release v214. (Closes: #750793, #749268, #747939) [ Jon Severinsson ] * Import upstream v214-stable patch series. - Rebase remaining Debian patches on top of v214-stable. - Drop modifications to the now-removed built-in sysvinit support. * Install the new combined libsystemd0 library, this library combines all functionality of the various libsystemd-* libraries. - Deprecate the old libsystemd-* libraries as they've been bundled into libsystemd0. The old -dev files now just carry a transitional .pc file. - Add new symbols file for libsystemd0. * Update symbols file for libgudev-1.0-0. * Remove pre-generated rules and unit files in debian/rules clean target. * Add new systemd service users in systemd postinst (systemd-timesync, systemd-network, systemd-resolve) * Add new system group "input" used by udev rules in udev postinst. * Try-restart networkd, resolved, and timesyncd after an upgrade. * Do not force-enable default-on services on every upgrade. * Add support for rcS.d init scripts to the sysv-generator. - Do not order rcS.d services after local-fs.target if they do not explicitly depend on $local_fs. - Map rcS.d init script dependencies to their systemd equivalent. - Special-case some dependencies for sysv init scripts for better backwards compatibility. (Closes: #726027, #738965). * Add systemd depends on new mount. (Closes: #754411) * Update /run/initctl symlink target in debian/tmpfiles.d/debian.conf. * Remove stored backlog state, rfkill state, random-seed and clock information from /var/lib/systemd on systemd purge. [ Sjoerd Simons ] * debian/patches/shared-include-stdbool.h-in-mkdir.h.patch + Added. Include stdbool before using bool in function prototypes. Fixes build of the insserv generator * Add python-lxml to build-depends for python-systemd * Turn on parallel build support * Install the new busctl binary and translations * Explicitly disable microhttp so the package build doesn't fail if the required dependencies for it happen to be installed. * debian/control: Make udev break plymouth (<< 0.9.0-7) as older plymouths assume udev implementation details that have changed slightly since v213 * debian/control: Remove b-d on librwap0-dev * debian/control: Bump libkmod-dev b-d to >= 15 * debian/rules: Drop outdated --enable-tcpwrap * debian/rules: Explicitly turn off rfkill, networkd, timesyncd and resolved for the udeb build * debian/rules: Use the debian ntp pool as default ntp servers * debian/rules: explicitely configure the maximum system uid/gids instead of relying on autodetection -- Sjoerd Simons Sun, 24 Aug 2014 14:54:27 +0200 systemd (208-8) unstable; urgency=medium [ Martin Pitt ] * Fix duplicate line in copyright. (Closes: #756899) * Drop --disable-xattr configure option for udeb, does not exist any more. * Add Turkish debconf translations. Thanks Mert Dirik! (Closes: #757498) * Backport fix for lazy session-activation on non-seat0 seats. (LP: #1355331) [ Michael Biebl ] * Use "kmod static-nodes --output=/proc/self/fd/1" in make_static_nodes() as we can't rely on /dev/stdout to exist at this point during boot. (Closes: #757830) * Fix udev SysV init script and d-i start script to not write to /sys/kernel/uevent_helper unconditionally to not fail on a kernel with CONFIG_UEVENT_HELPER unset. (Closes: #756312) * Add Breaks: kmod (<< 14) to udev to make sure we have a kmod version supporting the static-nodes command. * Add Breaks: systemd (<< 208) to udev to avoid partial upgrades. Newer udev versions rely on kmod-static-nodes.service being provided by systemd. (Closes: #757777) * Updated upstream v208-stable patch series to 53b1b6c. * Cherry-pick upstream fix to ignore temporary dpkg files. (Closes: #757302) * Make emergency.service conflict with rescue.service. Otherwise if rescue mode is selected during boot and the emergency mode is triggered (e.g. via a broken fstab entry), we have two sulogin processes fighting over the tty. (Closes: #757072) * Stop syslog.socket when entering emergency mode as otherwise every log message triggers the start of the syslog service and its dependencies which conflicts with emergency.target. (Closes: #755581) -- Michael Biebl Thu, 21 Aug 2014 00:14:21 +0200 systemd (208-7) unstable; urgency=medium [ Michael Biebl ] * Mask remaining services provided by the initscripts package and document in more detail why certain services have been masked. (Closes: #659264) * Install zsh completions to the correct place. (Closes: #717540) [ Jon Severinsson ] * Cherry-pick upstream fix for journal file permissions. (Closes: #755062) * Map some rcS.d init script dependencies to their systemd equivalent. * Update Depends on initscripts to the version with a systemd-compatible mountnfs ifup hook. (Closes: #746358) * Add Breaks on lvm2 versions without native systemd support. (Closes: #678438, #692120) * Do not fail udev upgrades if the udev service is already runtime-masked when the preinst script is run. (Closes: #755746) * Add Pre-Depends on systemd to systemd-sysv, to avoid risking that the sysv-compatible symlinks become dangling on a partial install. * Ensure that systemctl is usable right after being unpacked, by adding the required Pre-Depends to systemd and libsystemd-daemon0. (Closes: #753589) * Add support for TuxOnIce hibernation. (Closes: #746463) [ Martin Pitt ] * Rename "api" autopkgtest to "build-login", and stop requiring that sd_login_monitor_new() succeeds. It doesn't in many environments like schroot or after upgrades from < 204, and the main point of the test is to check that libsystemd-login-dev has correct contents and dependencies. Drop "isolation-machine" requirement. * Use glibc's xattr support instead of requiring libattr. Fixes FTBFS with latest glibc and libattr. Cherrypicked from trunk. Drop libattr1-dev build dependency. (Closes: #756097) * Build python3-systemd for Python 3 bindings. Drop python-systemd; it does not have any reverse dependencies, and we want to encourage moving to Python 3. (LP: #1258089) * Add simple autopkgtest for python3-systemd. * Add dbus dependency to libpam-systemd. (Closes: #755968) * Fix /dev/cdrom symlink to appear for all types of drives, not just for pure CD-ROM ones. Also, fix the symlinks to stay after change events. (LP: #1323777) * 75-persistent-net-generator.rules: Adjust Ravello interfaces; they don't violate the assignment schema, they should just not be persistent. Thanks to Boris Figovsky. (Closes: #747475, LP: #1317776) * Reinstate patches to make logind D-BUS activatable. * Re-add systemd-shim alternative dependency to libpam-systemd. Version it to ensure cgmanager support. (Closes: #754984, LP: #1343802) * Convert udev-finish.upstart from a task to a job, to avoid hangs with startpar. (Closes: #756631) * Add debian/extra/60-keyboard.hwdb: Latest keymaps from upstream git. This makes it trivial to backport keymap fixes to stable releases. (Closes: #657809; LP: #1322770, #1339998) * udev.init: Create static device nodes, as this moved out of udevd. Thanks to Michael Biebl for the script! (Closes: #749021) -- Martin Pitt Wed, 06 Aug 2014 13:33:22 +0200 systemd (208-6) unstable; urgency=medium [ Jon Severinsson ] * Add v208-stable patch series. - Update Debian patches to apply on top of v208-stable. - Move new manpages to libsystemd-*-dev as appropriate. [ Michael Biebl ] * Upload to unstable. -- Michael Biebl Wed, 16 Jul 2014 00:44:15 +0200 systemd (208-5) experimental; urgency=medium * Merge changes from unstable branch. -- Michael Biebl Sat, 28 Jun 2014 13:41:32 +0200 systemd (208-4) experimental; urgency=medium * Merge changes from unstable branch. * Drop alternative dependency on systemd-shim in libpam-systemd. The systemd-shim package no longer provides an environment to run systemd-logind standalone. See #752939 for further details. -- Michael Biebl Sat, 28 Jun 2014 01:22:11 +0200 systemd (208-3) experimental; urgency=medium * Merge changes from unstable branch. -- Michael Biebl Wed, 25 Jun 2014 11:29:07 +0200 systemd (208-2) experimental; urgency=medium [ Sjoerd Simons ] * Don't stop a running user manager from garbage collecting the users. Fixes long shutdown times when using a systemd user session [ Michael Stapelberg ] * Fix bug-script: “systemctl dump” is now “systemd-analyze dump” (Closes: #748311) [ Michael Biebl ] * Merge changes from unstable branch. * Cherry-pick upstream fixes to make sd_session_get_vt() actually work. -- Michael Biebl Tue, 24 Jun 2014 17:45:26 +0200 systemd (208-1) experimental; urgency=medium [ Michael Biebl ] * New upstream release. (Closes: #729566) * Update patches. * Update symbols files for libsystemd-journal and libsystemd-login. * Install new files and remove the ones we don't use. * Install zsh completion files. (Closes: #717540) * Create a compat symlink /etc/sysctl.d/99-sysctl.conf as systemd-sysctl no longer reads /etc/sysctl.conf. * Bump Build-Depends on kmod to (>= 14). * Bump Build-Depends on libcryptsetup-dev to (>= 2:1.6.0) for tcrypt support. * Make kmod-static-nodes.service check for the kmod binary since we don't want a hard dependency on kmod e.g. for container installations. * Disable various features which aren't required for the udeb build. * Move new sd_pid_get_slice and sd_session_get_vt man pages into libsystemd-login-dev. * Make no-patch-numbers the default for gbp-pq. * Adjust systemd-user pam config file for Debian. This pam config file is used by libpam-systemd/systemd-logind when launching systemd user instances. * Drop patches to make logind D-Bus activatable. The cgroup handling has been reworked in v205 and logind no longer creates cgroup hierarchies on its own. That means that the standalone logind is no longer functional without support from systemd (or an equivalent cgroup manager). [ Martin Pitt ] * Explain patch management in debian/README.source. -- Michael Biebl Mon, 28 Apr 2014 00:22:57 +0200 systemd (204-14) unstable; urgency=medium * Fix SIGABRT in insserv generator caused by incorrect usage of strcat(). (Closes: #752992) * Mark -dev packages as Multi-Arch: same. (Closes: #720017) -- Michael Biebl Sat, 28 Jun 2014 13:22:43 +0200 systemd (204-13) unstable; urgency=medium * Switch back to load the sg module via the kmod builtin. The problem was not that the kmod builtin is faster then modprobe but rather the incorrect usage of the "=" assignment operator. We need to use "+=" here, so the sg module is loaded in addition to other scsi modules, which are loaded via the modalias rule. Thanks to Tommaso Colombo for the analysis. * Cherry-pick upstream fix which prevents systemd from entering an infinite loop when trying to break an ordering cycle. (Closes: #752259) * Update insserv generator to not create any drop-in files for services where the corresponding SysV init script does not exist. * Drop the check for /sys/kernel/uevent_helper from postinst and the SysV init script and do not unconditionally overwrite it in the initramfs hook. Since a long time now udev has been using the netlink interface to communicate with the kernel and with Linux 3.16 it is possible to disable CONFIG_UEVENT_HELPER completely. (Closes: #752742) -- Michael Biebl Sat, 28 Jun 2014 00:01:16 +0200 systemd (204-12) unstable; urgency=medium [ Martin Pitt ] * Change the sg loading rule (for Debian #657948) back to using modprobe. kmod is too fast and then sg races with sd, causing the latter to not see SCSI disks. (Closes: #752591, #752605) [ Michael Biebl ] * Update udev bug-script to attach instead of paste extra info if a new enough reportbug version is available. -- Michael Biebl Wed, 25 Jun 2014 10:55:12 +0200 systemd (204-11) unstable; urgency=medium [ Martin Pitt ] * Explain patch management in debian/README.source. (Closes: #739113) * Replace "Always probe cpu support drivers" patch with cherry-picked upstream fix which is more general. * Advertise hibernation only if there's enough free swap. Patches backported from current upstream. (LP: #1313522) * Fix typo in sg loading rule to make it actually work. [ Michael Biebl ] * Make no-patch-numbers the default for gbp-pq. * Cherry-pick upstream fix to properly handle multiline syslog messages. (Closes: #746351) * Cherry-pick upstream fix for libudev which fixes a memleak in parent_add_child(). * Drop "-b debian" from Vcs-Git since we use the master branch for packaging now. * Drop Conflicts: sysvinit (<< 2.88dsf-44~) from systemd-sysv since this breaks dist-upgrades from wheezy when switching from sysvinit to systemd-sysv as default init. While downgrading the Pre-Depends in sysvinit would have been an alternative, dropping the Conflicts and only keeping the Replaces was deemed the lesser evil. (Closes: #748355) * Use Conflicts instead of Breaks against sysvinit-core. This avoids /sbin/init going missing when switching from systemd-sysv to sysvinit. While at it, add a Replaces: upstart. (Closes: #751589) * Make the SysV compat tools try both /run/initctl and /dev/initctl. This makes them usable under sysvinit as PID 1 without requiring any symlinks. * Various ifupdown integration fixes - Use DefaultDependencies=no in ifup@.service so the service can be started as early as possible. - Create the ifupdown runtime directory in ifup@.service as we can no longer rely on the networking service to do that for us. - Don't stop ifup@.service on shutdown but let the networking service take care of stopping all hotplugged interfaces. - Only start ifup@.service for interfaces configured as allow-hotplug. [ Michael Stapelberg ] * Clarify that “systemd” does not influence init whereas “systemd-sysv” does (Closes: #747741) [ Ansgar Burchardt ] * Don't use "set +e; set +u" unconditionally in the lsb init-functions hook as this might change the behaviour of existing SysV init scripts. (Closes: #751472) -- Michael Biebl Tue, 24 Jun 2014 17:03:43 +0200 systemd (204-10) unstable; urgency=medium * In the udeb's udev.startup, make sure that /dev/pts exists. * systemd-logind-launch: Set the #files ulimit, for unprivileged LXC containers. * Drop udev.NEWS, it only applies to pre-squeeze. * Remove /var/log/udev on purge. * Always probe cpu support drivers. (LP #1207705) * On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC for management. Name this interface "idrac" to avoid confusion with "real" network interfaces. * Drop numerical prefixes from patches, to avoid future diff noise when removing, cherry-picking, and merging patches. From now on, always use "gbp-pq export --no-patch-numbers" to update them. -- Martin Pitt Sun, 27 Apr 2014 11:53:52 +0200 systemd (204-9) unstable; urgency=medium * The "Flemish Beef and Beer Stew" release. [ Steve Langasek ] * Do proper refcounting of the PAM module package on prerm, so that we don't drop the module from the PAM config when uninstalling a foreign-arch package. Related to Ubuntu bug #1295521. [ Martin Pitt ] * debian/udev.udev-finish.upstart: Fix path to tmp-rules, debian/extra/rule_generator.functions creates them in /run/udev/. * rules: Remove the kernel-install bits; we don't want that in Debian and thus it shouldn't appear in dh_install --list-missing output. * Ship sd-shutdown.h in libsystemd-daemon-dev. * Run dh_install with --fail-missing, to avoid forgetting files when we move to new versions. * Mount /dev/pts with the correct permissions in the udev, to avoid needing pt_chown (not available on all architectures). Thanks Adam Conrad. * Add new block of Windows Azure ethernet hardware address to 75-persistent-net-generator.rules. (LP: #1274348, Closes: #739018) * Drop our Debian specific 60-persistent-storage{,-tape}.rules and use the upstream rules. They are compatible and do a superset of the functionality. (Closes: #645466) * Drop our Debian specific 80-drivers.rules and use the upstream rules with a patch for the sg module (see #657948). These now stop calling modprobe and use the kmod builtin, giving some nice boot speed improvement. (Closes: #717404) * Drop our Debian specific 50-udev-default.rules and 91-permissions.rules and use the upstream rules with a patch for the remaining Debian specific default device permissions. Many thanks to Marco d'Itri for researching which Debian-specific rules are obsolete! Amongst other things, this now also reads the hwdb info for USB devices (Closes: #717405) and gets rid of some syntax errors (Closes: #706221) * Set default polling interval on removable devices as well, for kernels which have "block" built in instead of being a module. (Closes: #713877) * Make sd_login_monitor_new() work for logind without systemd. * Cherry-pick upstream fix for polkit permissions for rebooting with multiple sessions. * Kill /etc/udev/links.conf, create_static_nodes, and associated code. It's obsolete with devtmpfs (which is required now), and doesn't run with systemd or upstart anyway. * Drop unnecessary udev.dirs. * Add autopkgtests for smoke-testing logind, hostnamed, timedated, localed, and a compile/link/run test against libsystemd-login-dev. [ Marco d'Itri ] * preinst: check for all the system calls required by modern releases of udev. (Closes: #648325) * Updated fbdev-blacklist.conf for recent kernels. * Do not blacklist viafb because it is required on the OLPC XO-1.5. (Closes: #705792) * Remove write_cd_rules and the associated rules which create "persistent" symlinks for CD/DVD devices and replace them with more rules in 60-cdrom_id, which will create symlinks for one at random among the devices installed. Since the common case is having a single device then everything will work out just fine most of the times... (Closes: #655924) * Fix write_net_rules for systemd and sysvinit users by copying the temporary rules from /run/udev/ to /etc/udev/. (Closes: #735563) * Do not install sysctl.d/50-default.conf because the systemd package should not change kernel policies, at least until it will become the only supported init system. [ Michael Stapelberg ] * Add systemd-dbg package, thanks Daniel Schaal (Closes: #742724). * Switch from gitpkg to git-buildpackage. Update README.source accordingly. * Make libpam-systemd depend on systemd-sysv | systemd-shim. Packages that need logind functionality should depend on libpam-systemd. [ Michael Biebl ] * Do not send potentially private fstab information without prior user confirmation. (Closes: #743158) * Add support for LSB facilities defined by insserv. Parse /etc/insserv.conf.d content and /etc/insserv.conf and generate systemd unit drop-in files to add corresponding dependencies. Also ship targets for the Debian specific $x-display-manager and $mail-transport-agent system facilities. (Closes: #690892) * Do not accidentally re-enable /var/tmp cleaning when migrating the TMPTIME setting from /etc/default/rcS. Fix up existing broken configurations. (Closes: #738862) -- Michael Biebl Sat, 26 Apr 2014 21:37:29 +0200 systemd (204-8) unstable; urgency=low [ Michael Stapelberg ] * move manpages from systemd to libsystemd-*-dev as appropriate (Closes: #738723) * fix systemctl enable/disable/… error message “Failed to issue method call: No such file or directory” (the previous upload did actually not contain this fix due to a merge conflict) (Closes: #738843) * add explicit “Depends: sysv-rc” so that initscript’s “Depends: sysv-rc | file-rc” will not be satisfied with file-rc. We need the invoke-rc.d and update-rc.d from sysv-rc, file-rc’s doesn’t have support for systemd. (Closes: #739679) * set capabilities cap_dac_override,cap_sys_ptrace=ep for systemd-detect-virt, so that it works for unprivileged users. (Closes: #739699) * pam: Check $XDG_RUNTIME_DIR owner (Closes: #731300) * Ignore chkconfig headers entirely, they are often broken in Debian (Closes: #634472) [ Michael Biebl ] * do a one-time migration of RAMTMP= from /etc/default/rcS and /etc/default/tmpfs, i.e. enable tmp.mount (Closes: #738687) * Bump Standards-Version to 3.9.5. -- Michael Biebl Wed, 19 Mar 2014 18:57:35 +0100 systemd (204-7) unstable; urgency=low * fix systemctl enable/disable/… error message “Failed to issue method call: No such file or directory” (Closes: #734809) * bug-script: attach instead of paste extra info with reportbug ≥ 6.5.0 (Closes: #722530) * add stage1 bootstrap support to avoid Build-Depends cycles (Thanks Daniel Schepler) * cherry-pick: order remote mounts from mountinfo before remote-fs.target (77009452cfd) (Closes: #719945) Fix CPUShares configuration option (ccd90a976dba) (Closes: #737156) fix reference in systemd-inhibit(1) (07b4b9b) (Closes: #738316) -- Michael Stapelberg Tue, 11 Feb 2014 23:34:42 +0100 systemd (204-6) unstable; urgency=low [ Michael Stapelberg ] * Run update-rc.d defaults before update-rc.d (Closes: #722523) * preinst: preserve var-{lock,run}.mount when upgrading from 44 to 204 (Closes: #723936) * fstab-generator: don’t rely on /usr being mounted in the initrd (Closes: #724797) * systemctl: mangle names when avoiding dbus (Closes: #723855) * allow group adm read access on /var/log/journal (Closes: #717386) * add systemd-journal group (Thanks Guido Günther) (Closes: #724668) * copy /etc/localtime instead of symlinking (Closes: #726256) * don’t try to start autovt units when not running with systemd as pid 1 (Closes: #726466) * Add breaks/replaces for the new sysvinit-core package (Thanks Alf Gaida) (Closes: #733240) * Add myself to uploaders [ Tollef Fog Heen ] * Make 99-systemd.rules check for /run/systemd/systemd instead of the ill-named cgroups directory. [ Martin Pitt ] * debian/udev.upstart: Fix path to udevd, the /sbin/udevd compat symlink should go away at some point. * debian/udev-udeb.install: Add 64-btrfs.rules and 75-probe_mtd.rules, they are potentially useful in a d-i environment. * debian/shlibs.local: Drop libudev; this unnecessarily generates overly strict dependencies, the libudev ABI is stable. * debian/extra/rules/75-persistent-net-generator.rules: Add Ravello systems (LP: #1099278) -- Michael Stapelberg Tue, 31 Dec 2013 14:39:44 +0100 systemd (204-5) unstable; urgency=high * Cherry-pick 72fd713 from upstream which fixes insecure calling of polkit by avoiding a race condition in scraping /proc (CVE-2013-4327). Closes: #723713 -- Michael Biebl Mon, 23 Sep 2013 11:59:53 +0200 systemd (204-4) unstable; urgency=low * Add preinst check to abort udev upgrade if the currently running kernel lacks devtmpfs support. Since udev 176, devtmpfs is mandatory as udev no longer creates any device nodes itself. This only affects self-compiled kernels which now need CONFIG_DEVTMPFS=y. Closes: #722580 * Fix SysV init script to correctly mount a devtmpfs instead of tmpfs. This only affects users without an initramfs, which usually is responsible for mounting the devtmpfs. Closes: #722604 * Drop pre-squeeze upgrade code from maintainer scripts and simplify the various upgrade checks. * Suppress errors about unknown hwdb builtin. udev 196 introduced a new "hwdb" builtin which is not understood by the old udev daemon. * Add missing udeb line to shlibs.local. This ensures that udev-udeb gets a proper dependency on libudev1-udeb and not libudev1. Closes: #722939 * Remove udev-udeb dependency from libudev1-udeb to avoid a circular dependency between the two packages. This dependency was copied over from the old udev-gtk-udeb package and no longer makes any sense since libudev1-udeb only contains a library nowadays. -- Michael Biebl Wed, 18 Sep 2013 00:05:21 +0200 systemd (204-3) unstable; urgency=low [ Michael Biebl ] * Upload to unstable. * Use /bin/bash in debug-shell.service as Debian doesn't have /sbin/sushell. * Only import net.ifaces cmdline property for network devices. * Generate strict dependencies between the binary packages using a shlibs.local file and add an explicit versioned dependency on libsystemd-login0 to systemd to ensure packages are upgraded in sync. Closes: #719444 * Drop obsolete Replaces: libudev0 from udev package. * Use correct paths for various binaries, like /sbin/quotaon, which are installed in / and not /usr in Debian. Closes: #721347 * Don't install kernel-install(8) man page since we don't install the corresponding binary either. Closes: #722180 * Cherry-pick upstream fixes to make switching runlevels and starting reboot via ctrl-alt-del more robust. * Cherry-pick upstream fix to properly apply ACLs to Journal files. Closes: #717863 [ Michael Stapelberg ] * Make systemctl enable|disable call update-rc.d for SysV init scripts. Closes: #709780 * Don't mount /tmp as tmpfs by default and make it possible to enable this feature via "systemctl enable tmp.mount". Closes: #718906 [ Daniel Schaal ] * Add bug-script to systemd and udev. Closes: #711245 [ Ondrej Balaz ] * Recognize discard option in /etc/crypttab. Closes: #719167 -- Michael Biebl Thu, 12 Sep 2013 00:13:11 +0200 systemd (204-2) experimental; urgency=low [ Daniel Schaal ] * Enable verbose build logs. Closes: #717465 * Add handling of Message Catalog files to provide additional information for log entries. Closes: #717427 * Remove leftover symlink to debian-enable-units.service. Closes: #717349 [ Michael Stapelberg ] * Install 50-firmware.rules in the initramfs and udeb. Closes: #717635 [ Michael Biebl ] * Don't pass static start priorities to dh_installinit anymore. * Switch the hwdb trigger to interest-noawait. * Remove obsolete support for configurable udev root from initramfs. * Bind ifup@.service to the network device. This ensures that ifdown is run when the device is removed and the service is stopped. Closes: #660861, #703033 * Bump Standards-Version to 3.9.4. No further changes. * Add Breaks against consolekit (<< 0.4.6-1) for udev-acl. Closes: #717385 * Make all packages Priority: optional, with the exception of udev and libudev1, which remain Priority: important, and systemd-sysv, which remains Priority: extra due to the conflict with sysvinit. Closes: #717365 * Restart systemd-logind.service on upgrades due to changes in the CreateSession D-Bus API between v44 and v204. Closes: #717403 -- Michael Biebl Wed, 24 Jul 2013 23:47:59 +0200 systemd (204-1) experimental; urgency=low * New upstream release. Closes: #675175, #675177 - In v183 the udev sources have been merged into the systemd source tree. As a result, the udev binary packages will now be built from the systemd source package. To align the version numbers 139 releases were skipped. - For a complete list of changes, please refer to the NEWS file. * Add Marco to Uploaders. * Drop Suggests on the various python packages from systemd. The systemd-analyze tool has been reimplemented in C. * Add binary packages as found in the udev 175-7.2 source package. * Wrap dependencies for better readability. * Drop hard-coded Depends on libglib2.0-0 from gir1.2-gudev-1.0. * Drop old Conflicts, Replaces and Breaks, which are no longer necessary. * Make libgudev-1.0-dev depend on gir1.2-gudev-1.0 as per GObject introspection mini-policy. Closes: #691313 * The hwdb builtin has replaced pci-db and usb-db in udev. Drop the Recommends on pciutils and usbutils accordingly. * Drop our faketime hack. Upstream uses a custom xsl style sheet now to generate the man pages which no longer embeds the build date. * Add Depends on libpam-runtime (>= 1.0.1-6) to libpam-systemd as we are using pam-auth-update. * Explicitly set Section and Priority for the udev binary package. * Update Build-Depends: - Drop libudev-dev, no longer required. - Add gtk-doc-tools and libglib2.0-doc for the API documentation in libudev and libgudev. - Add libgirepository1.0-dev and gobject-introspection for GObject introspection support in libgudev. - Add libgcrypt11-dev for encryption support in the journal. - Add libblkid-dev for the blkid udev builtin. * Use gir dh addon to ensure ${gir:Depends} is properly set. * Rename libudev0 → libudev1 for the SONAME bump. * Update symbols files. libudev now uses symbols versioning as the other libsystemd libraries. The libgudev-1.0-0 symbols file has been copied from the old udev package. * Run gtkdocize on autoreconf. * Enable python bindings for the systemd libraries and ship them in a new package named python-systemd. * Tighten Depends on libsystemd-id128-dev for libsystemd-journal-dev as per libsystemd-journal.pc. * Remove obsolete bash-completion scripts on upgrades. Nowadays they are installed in /usr/share/bash-completion/completions. * Rename conffiles for logind and journald. * Rename udev-gtk-udeb → libudev1-udeb to better reflect its actual contents. * Build two flavours: a regular build and one for the udev udebs with reduced features/dependencies. * Create a few compat symlinks for the udev package, most notably /sbin/udevadm and /sbin/udevd. * Remove the dpkg-triggered debian-enable-units script. This was a temporary workaround for wheezy. Packages should use dh-systemd now to properly integrate service files with systemd. * Update debian/copyright using the machine-readable copyright format 1.0. * Integrate changes from udev 175-7 and acknowledge the 175-7.1 and 175-7.2 non-maintainer uploads. * Keep the old persistent network interface naming scheme for now and make the new one opt-in via net.ifnames=1 on the kernel command line. * Drop the obsolete udev-mtab SysV init script and properly clean up on upgrades. * Simplify the udev SysV init script and remove experimental and obsolete features. * Revert upstream commits which dropped support for distro specific features and config files. * Make logind, hostnamed, localed and timedated D-Bus activatable and usable when systemd is not running. * Store hwdb binary database in /lib/udev, not /etc/udev. Create the file on install and upgrades. * Provide a dpkg file trigger for hwdb, so the database is automatically updated when packages install files into /lib/udev/hwdb.d. -- Michael Biebl Fri, 19 Jul 2013 00:32:36 +0200 systemd (44-12) unstable; urgency=low * Cherry-pick e17187 from upstream to fix build failures with newer glibc where the clock_* symbols have been moved from librt to libc. Closes: #701364 * If the new init-system-helpers package is installed, make the debian-enable-units script a no-op. The auto-enabler was meant as a temporary workaround and will be removed once all packages use the new helper. * Update the checks which test if systemd is the active init. The recommended check is [ -d /run/systemd/system ] as this will also work with a standalone systemd-logind. * Set Maintainer to pkg-systemd-maintainers@lists.alioth.debian.org. Add Tollef and myself as Uploaders. * Stop building the GUI bits. They have been split into a separate source package called systemd-ui. -- Michael Biebl Thu, 20 Jun 2013 01:32:16 +0200 systemd (44-11) unstable; urgency=low * Team upload. * Run debian-enable-units.service after sysinit.target to ensure our tmp files aren't nuked by systemd-tmpfiles. * The mountoverflowtmp SysV init script no longer exists so remove that from remount-rootfs.service to avoid an unnecessary diff to upstream. * Do not fail on purge if /var/lib/systemd is empty and has been removed by dpkg. -- Michael Biebl Wed, 13 Mar 2013 08:03:06 +0100 systemd (44-10) unstable; urgency=low * Team upload. * Using the return code of "systemctl is-enabled" to determine whether we enable a service or not is unreliable since it also returns a non-zero exit code for masked services. As we don't want to enable masked services, grep for the string "disabled" instead. -- Michael Biebl Fri, 15 Feb 2013 17:01:24 +0100 systemd (44-9) unstable; urgency=low * Team upload. * Fix typo in systemd.socket man page. Closes: #700038 * Use color specification in "systemctl dot" which is actually understood by dot. Closes: #643689 * Fix mounting of remote filesystems like NFS. Closes: #673309 * Use a file trigger to automatically enable service and socket units. A lot of packages simply install systemd units but do not enable them. As a result they will be inactive after the next boot. This is a workaround for wheezy which will be removed again in jessie. Closes: #692150 -- Michael Biebl Fri, 15 Feb 2013 13:35:39 +0100 systemd (44-8) unstable; urgency=low * Team upload. * Use comment=systemd.* syntax in systemd.mount man page. The mount/util-linux version in wheezy is not recent enough to support the new x-systemd* syntax. Closes: #697141 * Don't enable persistent storage of journal log files. The journal in v44 is not yet mature enough. -- Michael Biebl Sat, 19 Jan 2013 20:05:05 +0100 systemd (44-7) unstable; urgency=low * Fix a regression in the init-functions hook wrt reload handling that was introduced when dropping the X-Interactive hack. Closes: #696355 -- Michael Biebl Fri, 21 Dec 2012 00:00:12 +0100 systemd (44-6) unstable; urgency=low [ Michael Biebl ] * No longer ship the /sys directory in the systemd package since it is provided by base-files nowadays. * Don't run udev rules if systemd is not active. * Converting /var/run, /var/lock and /etc/mtab to symlinks is a one-time migration so don't run the debian-fixup script on every boot. [ Tollef Fog Heen ] * Prevent the systemd package from being removed if it's the active init system, since that doesn't work. [ Michael Biebl ] * Use a separate tmpfs for /run/lock (size 5M) and /run/user (size 100M). Those directories are user-writable which could lead to DoS by filling up /run. Closes: #635131 -- Michael Biebl Sun, 16 Dec 2012 21:58:37 +0100 systemd (44-5) unstable; urgency=low * Team upload. [ Tollef Fog Heen ] * disable killing on entering START_PRE, START, thanks to Michael Stapelberg for patch. This avoids killing VMs run through libvirt when restarting libvirtd. Closes: #688635. * Avoid reloading services when shutting down, since that won't work and makes no sense. Thanks to Michael Stapelberg for the patch. Closes: #635777. * Try to determine which init scripts support the reload action heuristically. Closes: #686115, #650382. [ Michael Biebl ] * Update Vcs-* fields, the Git repository is hosted on alioth now. Set the default branch to "debian". * Avoid reload and (re)start requests during early boot which can lead to deadlocks. Closes: #624599 * Make systemd-cgroup work even if not all cgroup mounts are available on startup. Closes: #690916 * Fix typos in the systemd.path and systemd.unit man page. Closes: #668344 * Add watch file to track new upstream releases. -- Michael Biebl Thu, 25 Oct 2012 21:41:23 +0200 systemd (44-4) unstable; urgency=low [ Michael Biebl ] * Override timestamp for man page building, thereby avoiding skew between architectures which caused problems for multi-arch. Closes: #680011 [ Tollef Fog Heen ] * Move diversion removal from postinst to preinst. Closes: #679728 * Prevent the journal from crashing when running out of disk space. This is 499fb21 from upstream. Closes: #668047. * Stop mounting a tmpfs on /media. Closes: #665943 -- Tollef Fog Heen Sun, 01 Jul 2012 08:17:50 +0200 systemd (44-3) unstable; urgency=low [ Michael Biebl ] * Bump to debhelper 9. * Convert to Multi-Arch: same where possible. Closes: #676615 [ Tollef Fog Heen ] * Cherry-pick d384c7 from upstream to stop journald from leaking memory. Thanks to Andreas Henriksson for testing. Closes: #677701 * Ship lsb init script override/integration in /lib/lsb/init-functions.d rather than diverting /lib/lsb/init-functions itself. Add appropriate Breaks to ensure upgrades happen. -- Tollef Fog Heen Fri, 29 Jun 2012 22:34:16 +0200 systemd (44-2) unstable; urgency=low [ Michael Biebl ] * Tighten the versions in the maintscript file * Ship the /sys directory in the package * Re-add workaround for non-interactive PAM sessions * Mask checkroot-bootclean (Closes: #670591) * Don't ignore errores in systemd-sysv postinst [ Tollef Fog Heen ] * Bring tmpfiles.d/tmp.conf in line with Debian defaults. Closes: #675422 * Make sure /run/sensigs.omit.d exists. * Add python-dbus and python-cairo to Suggests, for systemd-analyze. Closes: #672965 -- Tollef Fog Heen Tue, 08 May 2012 18:04:22 +0200 systemd (44-1) unstable; urgency=low [ Tollef Fog Heen ] * New upstream version. - Backport 3492207: journal: PAGE_SIZE is not known on ppc and other archs - Backport 5a2a2a1: journal: react with immediate rotation to a couple of more errors - Backport 693ce21: util: never follow symlinks in rm_rf_children() Fixes CVE-2012-1174, closes: #664364 * Drop output message from init-functions hook, it's pointless. * Only rmdir /lib/init/rw if it exists. * Explicitly order debian-fixup before sysinit.target to prevent a possible race condition with the creation of sockets. Thanks to Michael Biebl for debugging this. * Always restart the initctl socket on upgrades, to mask sysvinit removing it. [ Michael Biebl ] * Remove workaround for non-interactive sessions from pam config again. * Create compat /dev/initctl symlink in case we are upgrading from a system running a newer version of sysvinit (using /run/initctl) and sysvinit is replaced with systemd-sysv during the upgrade. Closes: #663219 * Install new man pages. * Build-Depend on valac (>= 0.12) instead of valac-0.12. Closes: #663323 -- Tollef Fog Heen Tue, 03 Apr 2012 19:59:17 +0200 systemd (43-1) experimental; urgency=low [ Tollef Fog Heen ] * Target upload at experimental due to libkmod dependency * New upstream release - Update bash-completion for new verbs and arguments. Closes: #650739 - Fixes local DoS (CVE-2012-1101). Closes: #662029 - No longer complains if the kernel lacks audit support. Closes: #642503 * Fix up git-to-source package conversion script which makes gitpkg happier. * Add libkmod-dev to build-depends * Add symlink from /bin/systemd to /lib/systemd/systemd. * Add --with-distro=debian to configure flags, due to no /etc/os-release yet. * Add new symbols for libsystemd-login0 to symbols file. * Install a tmpfiles.d file for the /dev/initctl → /run/initctl migration. Closes: #657979 * Disable coredump handling, it's not ready yet. * If /run is a symlink, don't try to do the /var/run → /run migration. Ditto for /var/lock → /run/lock. Closes: #647495 [ Michael Biebl ] * Add Build-Depends on liblzma-dev for journal log compression. * Add Build-Depends on libgee-dev, required to build systemadm. * Bump Standards-Version to 3.9.2. No further changes. * Add versioned Build-Depends on automake and autoconf to ensure we have recent enough versions. Closes: #657284 * Add packages for libsystemd-journal and libsystemd-id128. * Update symbols file for libsystemd-login. * Update configure flags, use rootprefix instead of rootdir. * Copy intltool files instead of symlinking them. * Re-indent init-functions script. * Remove workarounds for services using X-Interactive. The LSB X-Interactive support turned out to be broken and has been removed upstream so we no longer need any special handling for those type of services. * Install new systemd-journalctl, systemd-cat and systemd-cgtop binaries. * Install /var/lib/systemd directory. * Install /var/log/journal directory where the journal files are stored persistently. * Setup systemd-journald to not read from /proc/kmsg (ImportKernel=no). * Avoid error messages from systemctl in postinst if systemd is not running by checking for /sys/fs/cgroup/systemd before executing systemctl. Closes: #642749 * Stop installing lib-init-rw (auto)mount units and try to cleanup /lib/init/rw in postinst. Bump dependency on initscripts accordingly. Closes: #643699 * Disable pam_systemd for non-interactive sessions to work around an issue with sudo. * Use new dh_installdeb maintscript facility to handle obsolete conffiles. Bump Build-Depends on debhelper accordingly. * Rename bash completion file systemctl-bash-completion.sh → systemd-bash-completion.sh. * Update /sbin/init symlink. The systemd binary was moved to $pkglibdir. -- Tollef Fog Heen Tue, 07 Feb 2012 21:36:34 +0100 systemd (37-1.1) unstable; urgency=low * Non-maintainer upload with Tollef's consent. * Remove --parallel to workaround a bug in automake 1.11.3 which doesn't generate parallel-safe build rules. Closes: #661842 * Create a compat symlink /run/initctl → /dev/initctl to work with newer versions of sysvinit. Closes: #657979 -- Michael Biebl Sat, 03 Mar 2012 17:42:10 +0100 systemd (37-1) unstable; urgency=low [ Tollef Fog Heen ] * New upstream version * Change the type of the debian-fixup service to oneshot. Closes: #642961 * Add ConditionPathIsDirectory to lib-init-rw.automount and lib-init-rw.mount so we only activate the unit if the directory exists. Closes: #633059 * If a sysv service exists in both rcS and rcN.d runlevels, drop the rcN.d ones to avoid loops. Closes: #637037 * Blacklist fuse init script, we do the same work already internally. Closes: #643700 * Update README.Debian slightly for /run rather than /lib/init/rw [ Josh Triplett ] * Do a one-time migration of the $TMPTIME setting from /etc/default/rcS to /etc/tmpfiles.d/tmp.conf. If /etc/default/rcS has a TMPTIME setting of "infinite" or equivalent, migrate it to an /etc/tmpfiles.d/tmp.conf that overrides the default /usr/lib/tmpfiles.d/tmp.conf and avoids clearing /tmp. Closes: #643698 -- Tollef Fog Heen Wed, 28 Sep 2011 20:04:13 +0200 systemd (36-1) unstable; urgency=low [ Tollef Fog Heen ] * New upstream release. Closes: #634618 - Various man page fixes. Closes: #623521 * Add debian-fixup service that symlinks mtab to /proc/mounts and migrates /var/run and /var/lock to symlinks to /run [ Michael Biebl ] * Build for libnotify 0.7. * Bump Build-Depends on libudev to (>= 172). * Add Build-Depends on libacl1-dev. Required for building systemd-logind with ACL support. * Split libsystemd-login and libsystemd-daemon into separate binary packages. * As autoreconf doesn't like intltool, override dh_autoreconf and call intltoolize and autoreconf ourselves. * Add Build-Depends on intltool. * Do a one-time migration of the hwclock configuration. If UTC is set to "no" in /etc/default/rcS, create /etc/adjtime and add the "LOCAL" setting. * Remove /cgroup cleanup code from postinst. * Add Build-Depends on gperf. -- Tollef Fog Heen Wed, 14 Sep 2011 08:25:17 +0200 systemd (29-1) unstable; urgency=low [ Tollef Fog Heen ] * New upstream version, Closes: #630510 - Includes typo fixes in documentation. Closes: #623520 * Fall back to the init script reload function if a native .service file doesn't know how to reload. Closes: #628186 * Add hard dependency on udev. Closes: #627921 [ Michael Biebl ] * hwclock-load.service is no longer installed, so we don't need to remove it anymore in debian/rules. * Install /usr/lib directory for binfmt.d, modules-load.d, tmpfiles.d and sysctl.d. * Remove obsolete conffiles from /etc/tmpfiles.d on upgrades. Those files are installed in /usr/lib/tmpfiles.d now. * Depend on util-linux (>= 2.19.1-2) which provides whole-disk locking support in fsck and remove our revert patch. * Don't choke when systemd was compiled with a different CAP_LAST_CAP then what it is run with. Patch cherry-picked from upstream Git. Closes: #628081 * Enable dev-hugepages.automount and dev-mqueue.automount only when enabled in kernel. Patch cherry-picked from upstream Git. Closes: #624522 -- Tollef Fog Heen Wed, 08 Jun 2011 16:14:31 +0200 systemd (25-2) experimental; urgency=low * Handle downgrades more gracefully by removing diversion of /lib/lsb/init-functions on downgrades to << 25-1. * Cherry-pick a133bf10d09f788079b82f63faa7058a27ba310b from upstream, avoids assert when dumping properties. Closes: #624094 * Remove "local" in non-function context in init-functions wrapper. -- Tollef Fog Heen Wed, 27 Apr 2011 22:20:04 +0200 systemd (25-1) experimental; urgency=low * New upstream release, target experimental due to initscripts dependency. - Fixes where to look for locale config. Closes: #619166 * Depend on initscripts >= 2.88dsf-13.4 for /run transition. * Add Conflicts on klogd, since it doesn't work correctly with the kmg→/dev/log bridge. Closes: #622555 * Add suggests on Python for systemd-analyze. * Divert /lib/lsb/init-functions instead of (ab)using /etc/lsb-base-logging.sh for diverting calls to /etc/init.d/* * Remove obsolete conffile /etc/lsb-base-logging.sh. Closes: #619093 * Backport 3a90ae048233021833ae828c1fc6bf0eeab46197 from master: mkdir /run/systemd/system when starting up -- Tollef Fog Heen Sun, 24 Apr 2011 09:02:04 +0200 systemd (20-1) unstable; urgency=low * New upstream version * Install systemd-machine-id-setup * Call systemd-machine-id-setup in postinst * Cherry-pick b8a021c9e276adc9bed5ebfa39c3cab0077113c6 from upstream to prevent dbus assert error. * Enable TCP wrapper support. Closes: #618409 * Enable SELinux support. Closes: #618412 * Make getty start after Apache2 and OpenVPN (which are the only two known users of X-Interactive: yes). Closes: #618419 -- Tollef Fog Heen Fri, 11 Mar 2011 19:14:21 +0100 systemd (19-1) experimental; urgency=low * New upstream release * Add systemd-tmpfiles to systemd package. * Add ifup@.service for handling hotplugged interfaces from udev. Closes: #610871 * Mask mtab.service and udev-mtab.service as they are pointless when /etc/mtab is a symlink to /proc/mounts * Add breaks on lvm2 (<< 2.02.84-1) since older versions have udev rules that don't work well with systemd causing delays on bootup. -- Tollef Fog Heen Thu, 17 Feb 2011 07:36:22 +0100 systemd (17-1) experimental; urgency=low [ Tollef Fog Heen ] * New upstream release * Clarify ifupdown instructions in README.Debian somewhat. Closes: #613320 * Silently skip masked services in lsb-base-logging.sh instead of failing. Initial implementation by Michael Biebl. Closes: #612551 * Disable systemd-vconsole-setup.service for now. [ Michael Biebl ] * Bump build dependency on valac-0.10 to (>= 0.10.3). * Improve regex in lsb-base-logging.sh for X-Interactive scripts. Closes: #613325 -- Tollef Fog Heen Wed, 16 Feb 2011 21:06:16 +0100 systemd (16-1) experimental; urgency=low [ Tollef Fog Heen ] * New upstream release. Closes: #609611 * Get rid of now obsolete patches that are upstream. * Use the built-in cryptsetup support in systemd, build-depend on libcryptsetup-dev (>= 2:1.2.0-1) to get a libcryptsetup in /lib. * Don't use systemctl redirect for init scripts with X-Interactive: true [ Michael Biebl ] * Update package description * Use v8 debhelper syntax * Make single-user mode work * Run hwclock-save.service on shutdown * Remove dependencies on legacy sysv mount scripts, as we use native mounting. -- Tollef Fog Heen Sun, 16 Jan 2011 11:04:13 +0100 systemd (15-1) UNRELEASED; urgency=low [ Tollef Fog Heen ] * New upstream version, thanks a lot to Michael Biebl for help with preparing this version. - This version handles cycle breaking better. Closes: #609225 * Add libaudit-dev to build-depends * /usr/share/systemd/session has been renamed to /usr/share/systemd/user upstream, adjust build system accordingly. * Remove -s from getty serial console invocation. * Add dependency on new util-linux to make sure /sbin/agetty exists * Don't mount /var/lock with gid=lock (Debian has no such group). * Document problem with ifupdown's /etc/network/run being a normal directory. [ Michael Biebl ] * Revert upstream change which requires libnotify 0.7 (not yet available in Debian). * Use dh-autoreconf for updating the build system. * Revert upstream commit which uses fsck -l (needs a newer version of util-linux). * Explicitly disable cryptsetup support to not accidentally pick up a libcryptsetup dependency in a tainted build environment, as the library is currently installed in /usr/lib. * Remove autogenerated man pages and vala C sources, so they are rebuilt. * Use native systemd mount support: - Use MountAuto=yes and SwapAuto=yes (default) in system.conf - Mask SysV init mount, check and cleanup scripts. - Create an alias (symlink) for checkroot (→ remount-rootfs.service) as synchronization point for SysV init scripts. * Mask x11-common, rmnologin, hostname, bootmisc and bootlogd. * Create an alias for procps (→ systemd-sysctl.service) and urandom (→ systemd-random-seed-load.service). * Create an alias for module-init-tools (→ systemd-modules-load.service) and a symlink from /etc/modules-load.d/modules.conf → /etc/modules. * Install lsb-base hook which redirects calls to SysV init scripts to systemctl: /etc/init.d/ → systemctl * Install a (auto)mount unit to mount /lib/init/rw early during boot. -- Tollef Fog Heen Sat, 20 Nov 2010 09:28:01 +0100 systemd (11-2) UNRELEASED; urgency=low * Tighten depends from systemd-* on systemd to ensure they're upgraded in lockstep. Thanks to Michael Biebl for the patch. * Add missing #DEBHELPER# token to libpam-systemd * Stop messing with runlevel5/multi-user.target symlink, this is handled correctly upstream. * Stop shipping /cgroup in the package. * Remove tmpwatch services, Debian doesn't have or use tmpwatch. * Make sure to enable GTK bits. * Ship password agent * Clean up cgroups properly on upgrades, thanks to Michael Biebl for the patch. Closes: #599577 -- Tollef Fog Heen Tue, 02 Nov 2010 21:47:10 +0100 systemd (11-1) experimental; urgency=low * New upstream version. Closes: #597284 * Add pam-auth-update calls to libpam-systemd's postinst and prerm * Make systemd-sysv depend on systemd * Now mounts the cgroup fs in /sys/fs/cgroup. Closes: #595966 * Add libnotify-dev to build-depends (needed for systemadm) -- Tollef Fog Heen Thu, 07 Oct 2010 22:01:19 +0200 systemd (8-2) experimental; urgency=low * Hardcode udev rules dir in configure call. * Remove README.source as it's no longer accurate. -- Tollef Fog Heen Mon, 30 Aug 2010 21:10:26 +0200 systemd (8-1) experimental; urgency=low * New upstream release * Only ship the top /cgroup * Pass --with-rootdir= to configure, to make it think / is / rather than // * Add PAM module package * Fix up dependencies in local-fs.target. Closes: #594420 * Move systemadm to its own package. Closes: #588451 * Update standards-version (no changes needed) * Update README.Debian to explain how to use systemd. * Add systemd-sysv package that provides /sbin/init and friends. -- Tollef Fog Heen Sat, 07 Aug 2010 07:31:38 +0200 systemd (0~git+20100605+dfd8ee-1) experimental; urgency=low * Initial release, upload to experimental. Closes: #580814 -- Tollef Fog Heen Fri, 30 Apr 2010 21:02:25 +0200